Microsoft AD Password Sync Agents Are Not Working When TLS1.2 Is Enabled On Domain Controllers
Last updated on JUNE 14, 2018
Applies to: Identity Manager Connector - Version 9.1.1 and later
Information in this document applies to any platform.
The Microsoft AD Password Sync Connector 18.104.22.168.15 was installed on Windows 2012 domain controllers to synchronize passwords from AD to OIM. TLS 1.0 was then disabled and TLS 1.2 enabled on the domain controllers. Since then, the Password Sync agents have been unable to communicate with the OIM servers.
Whenever a user changes a password, a contact object is created in the domain controller, but no exception is logged on the OIM application servers.
The issue can be reproduced with the following steps:
1. Disable TLS 1.0 on the domain controllers.
2. Enable TLS 1.2 on the domain controllers.
3. Have an AD user change their password.
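The following PowerShell script is an added diagnostic, not part of the Oracle article and not Oracle's code. It is meant to be run on the domain controller where the agent is installed and does three things: it reports the Schannel registry state for TLS 1.0, 1.1 and 1.2 (Client and Server roles), it reads the .NET Framework strong-crypto settings (relevant only if the agent is a .NET application, which is an assumption here, since the article does not say), and it attempts a TLS 1.2-only handshake to the OIM endpoint so that a protocol-negotiation failure can be separated from an application-level one. `$OimHost` and `$OimPort` are placeholders to replace with the real OIM server and port.

```powershell
# Added diagnostic (not from the Oracle article): report Schannel protocol state on a
# domain controller and test whether a TLS 1.2 handshake to the OIM endpoint succeeds.
# $OimHost and $OimPort are placeholders; substitute the real OIM server values.
param(
    [string]$OimHost = 'oim.example.com',   # placeholder
    [int]$OimPort    = 443                  # placeholder
)

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # Reads Enabled / DisabledByDefault for each protocol and role.
    # A missing key means Windows applies its built-in default for that protocol.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $path  = Join-Path (Join-Path $schannel $proto) $role
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            $enabled  = 'OS default'
            $disabled = 'OS default'
            if ($null -ne $props) {
                $enabled  = $props.Enabled
                $disabled = $props.DisabledByDefault
            }
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                Enabled           = $enabled
                DisabledByDefault = $disabled
            }
        }
    }
}

function Get-DotNetTlsState {
    # Only relevant if the agent is a .NET application (an assumption, not stated by the article).
    # SchUseStrongCrypto / SystemDefaultTlsVersions decide whether .NET 4.x follows the
    # Schannel protocol defaults instead of its own older default protocol list.
    foreach ($path in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path                     = $path
            SchUseStrongCrypto       = $props.SchUseStrongCrypto
            SystemDefaultTlsVersions = $props.SystemDefaultTlsVersions
        }
    }
}

function Test-Tls12Handshake {
    param([string]$TargetHost, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($TargetHost, $Port)
        # The callback accepts any certificate so that this test isolates protocol
        # negotiation from certificate trust; it is a troubleshooting aid only.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($TargetHost, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        [pscustomobject]@{
            Host = $TargetHost; Port = $Port
            Negotiated = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm; Result = 'OK'
        }
    } catch {
        [pscustomobject]@{
            Host = $TargetHost; Port = $Port
            Negotiated = $null; Cipher = $null; Result = $_.Exception.Message
        }
    } finally {
        $client.Dispose()
    }
}

'--- Schannel protocol registry state ---'
Get-SchannelProtocolState | Format-Table -AutoSize
'--- .NET Framework TLS settings (only relevant for .NET-based agents) ---'
Get-DotNetTlsState | Format-Table -AutoSize
'--- TLS 1.2 handshake test to OIM ---'
Test-Tls12Handshake -TargetHost $OimHost -Port $OimPort | Format-List
```

Run it once before and once after the TLS 1.0/1.2 registry change: if the Schannel table shows TLS 1.2 Client enabled but the handshake test fails, the problem sits in protocol negotiation between the agent host and the OIM server rather than in the password-capture step on the domain controller; if the handshake succeeds, the agent's own TLS configuration is the next thing to inspect.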