Microsoft AD Password Sync Agents Are Not Working When TLS 1.2 Is Enabled On Domain Controllers
(Doc ID 2411229.1)
Last updated on JUNE 14, 2018
Applies to:Identity Manager Connector - Version 9.1.1 and later
Information in this document applies to any platform.
Microsoft AD Password Sync Connector 18.104.22.168.15 was installed on Windows 2012 domain controllers to synchronize passwords from AD to OIM. TLS 1.0 was then disabled and TLS 1.2 enabled on the domain controllers. Since that change, the Password Sync agents are unable to communicate with the OIM servers.
Whenever a user changes a password, a contact object is created on the domain controller (the agent's record of the pending change), but no exception is logged on the OIM application servers.
The issue can be reproduced with the following steps:
1. Disable TLS 1.0 on the domain controller
2. Enable TLS 1.2 on the domain controller
3. Have an AD user change their password
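The following PowerShell script is an added example for this note, not Oracle-supplied code, to help separate the two halves of the problem: what the SCHANNEL protocol settings on the domain controller actually are after the change, and whether the OIM SSL endpoint accepts a TLS 1.2 handshake at all. The host name and port are placeholder assumptions; replace them with the OIM server and SSL port the agent is configured against. One caveat worth keeping in mind while reading the results: the SCHANNEL registry keys only govern clients that use the Windows TLS stack, and .NET Framework clients on Windows 2012 additionally need the SchUseStrongCrypto setting (or a framework default that prefers TLS 1.2) before they will offer TLS 1.2 on their own.

```powershell
# Added example (not part of Oracle Doc ID 2411229.1): inspect SCHANNEL
# protocol settings on a domain controller and probe whether the OIM server
# completes a handshake with a given TLS version.
# $OimHost and $OimPort are placeholders (assumptions), replace them.

$OimHost = 'oim.example.com'   # assumption: OIM application server host
$OimPort = 7002                # assumption: OIM SSL listen port

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Report the registry state of each TLS version for the Client and Server
# roles. A version is effectively enabled when Enabled is non-zero (or absent,
# so the OS default applies) and DisabledByDefault is zero or absent.
function Get-SchannelProtocolState {
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path $SchannelRoot "$proto\$role"
            $enabled = $null; $disabledByDefault = $null
            if (Test-Path $key) {
                $props = Get-ItemProperty -Path $key
                $enabled = $props.Enabled
                $disabledByDefault = $props.DisabledByDefault
            }
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                KeyPresent        = (Test-Path $key)
                Enabled           = $enabled
                DisabledByDefault = $disabledByDefault
            }
        }
    }
}

# Enable or disable one TLS version for both roles, which is what steps 1 and 2
# of the reproduction do. Takes effect after a reboot. Back up the key first.
function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)][ValidateSet('TLS 1.0','TLS 1.1','TLS 1.2')][string]$Protocol,
        [Parameter(Mandatory)][bool]$Enable
    )
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $SchannelRoot "$Protocol\$role"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enable) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enable)) -Force | Out-Null
    }
}

# Attempt a handshake with the OIM server using exactly one protocol version,
# so server-side TLS 1.2 support can be judged independently of the agent.
function Test-TlsHandshake {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port,
        [Parameter(Mandatory)][System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Certificate validation is deliberately bypassed: the question here is
        # protocol support, not trust. Do not reuse this callback elsewhere.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        [pscustomobject]@{ Requested = $Protocol; Result = 'OK'; Negotiated = $ssl.SslProtocol }
    } catch {
        [pscustomobject]@{ Requested = $Protocol; Result = 'FAILED'; Negotiated = $_.Exception.Message }
    } finally {
        $client.Close()
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize

foreach ($p in 'Tls', 'Tls11', 'Tls12') {
    Test-TlsHandshake -HostName $OimHost -Port $OimPort -Protocol $p
}
```

Run it on the domain controller after the registry change. If the table shows TLS 1.0 disabled and TLS 1.2 enabled for the Client role but the Tls12 probe fails, the OIM server side (WebLogic listener, certificate chain, or cipher suites) is the place to look; if the Tls12 probe succeeds, the agent itself is still negotiating only TLS 1.0 and needs a client-side fix. Set-SchannelProtocol is defined but not invoked, since writing those values affects every SCHANNEL client and server on the host.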