ESIC Error 'Authentication of user for native request failed' with LDAP Setup

(Doc ID 2267755.1)

Last updated on MAY 25, 2017

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 7.3.3.0.0 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)

Symptoms

In Oracle Financial Services Analytical Applications (OFSAA) 7.3.3, in an environment with an LDAP login, when you try to initialize a batch using ESIC, the batch fails with Exit Status -4:

esic -JI -UTESTUSER1 -PjG5q+LX2X2JnyE+sOHDk6g== -RBATCH1_2 -IOFSAAINFOD -BBATCH1 -D20161130 -F/u01/ofsaa
[AESCryptorImpl.handleJVM]->INFO: JVM created successfully...
[LOG] Starting up.....
Host IP ...xxx.xxx.xx.xxx
EXIT STATUS = -4


The following error is output to the ESIC log in $FIC_APP_HOME/icc/log:

INFORM::clsCommandLine::CallIntialize::Infodom
MISFDM
INFORM::clsIccInterface::CallIccAPI::Message to be sent :
INFO::SocketClientImpl::Read : More than Zero bytes
00000069
INFO::SocketClientImpl::Read : More than Zero bytes
##ICC##I##-1##-4##Authentication of user for native request failed.##
INFORM::clsIccInterface::ProcessReturnDataMessage received from ICC
##ICC##I##-1##-4##Authentication of user for native request failed.##

The following error is output to the iccserver.log in $FIC_APP_HOME/icc/log:

[16:41:06,237] - Request for validating userid and password for: TESTUSER1
[16:41:06,258] - Illegal userid or password: [SC:0][ST:0][SST:0][Oper:0][Version:0][EF:true][D:null][S:null][U:null][PT:0][P:null[S][SMSME.SMSLOGIN_INFO]]
[16:41:06,258] - Authentication of user for native request failed.
[16:41:06,258] - Writing to native socket: ##ICC##I##-1##-4##Authentication of user for native request failed.## with padding
[16:41:06,259] - Error writing to client.


Finally, the following exists in the SMSService.log in $FIC_APP_HOME/common/FICServer/logs:

[UMMLOG] May 5,17 11:30:47 : [LDAPLOGIN]Exception
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580 ]
       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.InitialContext.<init>(InitialContext.java:197)
       at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
       at com.iflex.fic.ficserver.services.sms.ldap.service.LDAPLogin.getLDAPDirContext(LDAPLogin.java:132)
       at com.iflex.fic.ficserver.services.sms.ldap.service.handlers.LDAPUserHandler.retrieveUser(LDAPUserHandler.java:529)
       at com.iflex.fic.ficserver.services.sms.LDAPLoginService.authenticateUserForLogin(LDAPLoginService.java:82)
       at com.iflex.fic.ficserver.services.sms.LoginServices.authenticateUser(LoginServices.java:93)
       at com.iflex.fic.ficserver.services.sms.LoginServices.handleLoginRequest(LoginServices.java:65)
       at com.iflex.fic.ficserver.services.sms.SMSServiceProvider.handleRequest(SMSServiceProvider.java:988)
       at com.iflex.fic.newservice.ServiceProxy.invokeService(ServiceProxy.java:184)
       at com.iflex.fic.newservice.NewServiceMaster.provideService(NewServiceMaster.java:211)
       at com.iflex.fic.newservice.DynamicServiceManager.provideService(DynamicServiceManager.java:297)
       at com.iflex.fic.ficserver.JavaRequestHandler.handleRequest(JavaRequestHandler.java:546)
       at com.iflex.fic.ficserver.JavaSocketConnection.run(JavaSocketConnection.java:202)

The password for the user in CSSMS_USR_PROFILE matches the password used in the ESIC command so you do not understand why the ESIC batch fails with this error.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms