
Active Directory Password Sync Does not Work with Discovery Port Open in the Firewall (Doc ID 742031.1)

Last updated on AUGUST 29, 2019

Applies to:

Identity Manager Connector - Version 9.0.4 to 9.1.0.1 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
Active Directory (AD)
Firewalls
JBoss



Symptoms

The Active Directory (AD) Password Sync Module is installed on a Domain Controller (DC) that is protected by a firewall. When a user's password is changed in AD, ADPasswordSync starts and then fails to log in to the Oracle Identity Manager (OIM) Server running in the JBoss Application Server. The logs indicate that the OIM server is up, but when the module tries to authenticate with the configured username/password, authentication does not succeed. The following error is seen in the log file:

 
ERROR
44433 [main] ERROR XELLERATE.ACCOUNTMANAGEMENT  - Class/Method:
--> tcUtilityFactory/getPropertyValue encounter some problems: {1}
javax.naming.CommunicationException [Root exception is java.rmi.ConnectException:
--> Connection refused to host: <IPAddress>; nested exception is:
        java.net.ConnectException: Connection timed out: connect]
        at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:707)

Changes

A firewall was placed between the DC and the OIM Server to control network traffic, and the discovery port, for example, was not permitted in the firewall rules. Before this change, Password Sync was working fine.

Cause
