My Oracle Support Banner

OUD 12c - DIP On Demand Password Synchronization Fails to Sync AD Passwords - The "debug log" Reports Error: "CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries" (Doc ID 2884551.1)

Last updated on JULY 27, 2022

Applies to:

Oracle Unified Directory - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

Unable to ldapbind after changing password with Directory Integration Platform (DIP).

DIP does not synchronize Active Directory (AD) user passwords.

Other attributes sync correctly.

No DIP log errors related can be found.

After setting full debug in Oracle Unified Directory (OUD) server, the debug log shows:

[24/May/2022:23:21:08 -0400] 131 caught error thread={Worker Thread <thread>} threadDetail={parentThread=main(1) isDaemon=false clientConnection=LDAP client connection from <hostname:port> to <hostname:port> operation=BindOperation(connID=<connection id>, opID=0, protocol="LDAP 3, dn=<full user DN>, authType=Simple) } method={passwordMatches(AESPasswordStorageScheme.java:162)} caught={org.opends.server.types.CryptoManagerException: CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries}
Stack Trace:
  at org.opends.server.crypto.CryptoManagerImpl.decrypt(CryptoManagerImpl.java:3105)
  at org.opends.server.extensions.AESPasswordStorageScheme.passwordMatches(AESPasswordStorageScheme.java:154)
  at org.opends.server.core.PasswordPolicyState.passwordMatches(PasswordPolicyState.java:3589)
  at org.opends.server.workflowelement.localbackend.LocalBackendBindOperation.processSimpleBind(LocalBackendBindOperation.java:562)
  at org.opends.server.workflowelement.localbackend.LocalBackendBindOperation.processLocalBind(LocalBackendBindOperation.java:237)
  at org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement.execute(LocalBackendWorkflowElement.java:190)
  at org.opends.server.workflowelement.ovdplugin.eus.EusWorkflowElement.doExecute(EusWorkflowElement.java:467)
  at org.opends.server.workflowelement.SimpleWorkflowElement.execute(SimpleWorkflowElement.java:435)
  at org.opends.server.workflowelement.fa.FAWorkflowElement.execute(FAWorkflowElement.java:434)
  at org.opends.server.core.WorkflowImpl.execute(WorkflowImpl.java:504)
  at org.opends.server.core.WorkflowTopologyNode.execute(WorkflowTopologyNode.java:130)
  at org.opends.server.core.BindOperationBasis.run(BindOperationBasis.java:1106)
  at org.opends.server.extensions.TraditionalWorkerThread.run(TraditionalWorkerThread.java:166)

errors log shows:

[18/May/2022:13:50:12 -0400] category=EXTENSIONS severity=SEVERE_ERROR msgID=1311345 msg=Invalid Configuration. Directory Integration Platform will not synchronize any passwords, reason "An error occurred while trying to decrypt a value using password storage scheme AES:  CryptoManagerException(CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries)"

errors.log shows:

[2022-05-18T13:50:12.386-04:00] [instance1] [ERROR] [OUD-1311345] [EXTENSIONS] [host: <hostname>] [nwaddr: <IP>] [tid: <tid>] [userId: <user id>] [ecid: <ecid>] Invalid Configuration. Directory Integration Platform will not synchronize any passwords, reason "An error occurred while trying to decrypt a value using password storage scheme AES:  CryptoManagerException(CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries)"



Changes

Recreated the ads certificate using dsreplication > 13. Replication Certificate Management > 2. Regenerate the Certificate Used for Replication 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.