Symantec IGA


The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]

  • 1.  The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]

    Posted Mar 17, 2018 09:25 PM

    Hi All,

     

    We have an Active Directory endpoint in CA Identity Manager which is working, but for the last 3 days we have been getting the error 'Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]'

     

    We have not made any changes in CA Identity Manager with respect to the endpoint. Is it an issue on the AD side? Please let us know if anyone has faced a similar issue, as this has caused user provisioning to the endpoint to fail.

     

    Any help would be appreciated

     

    Regards,

    Rajesh



  • 2.  Re: The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]

    Posted Mar 19, 2018 09:01 AM

    Based on the message it looks like the endpoint setting for Use SSL or Not Use SSL was toggled. Please check to make sure it is set the way you want it now and then re-enter the Password of the ID used to acquire the AD endpoint to resolve the error.



  • 3.  Re: The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]

    Posted Mar 19, 2018 09:40 AM

    Thanks KennyV for the response. From the user console I updated the AD Endpoint password of the user, but that did not update the password on the server. The error was fixed after updating the password of the ID used in the AD Endpoint from Provisioning Manager. Not sure if there is some issue between the Provisioning Server and the Identity Manager application which impacted this.

     

    Regards,

    Rajesh



  • 4.  Re: The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]

    Posted Mar 23, 2018 06:24 AM

    Hi All,

     

    We are getting the same error again. We did not update any details from the Provisioning Manager, so we want to check how to toggle the port number in the connector server. We also want to check: if the connector server is unable to access the server on that port, will it modify the property file and lead to the error?

     

    Checking if anyone has faced a similar issue earlier.

     

    Regards,

    Rajesh



  • 5.  Re: The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]
    Best Answer

    Posted Mar 23, 2018 09:55 AM

    When toggling the "Use SSL" or "Do Not Use SSL" setting on the AD Endpoint, the modify request also needs to include the password for the AD Endpoint's Proxy ID. If this setting is getting toggled, your Provisioning Server's etatrans log (set to level=7) would show the following, where the eTADSUseSSL attribute would be set to value 0 (Do Not Use SSL) or value 1 (Use SSL).

     

    20180323:094512:TID=001f88:Modify :E982:----:S: External Modify (eTADSDirectoryName=MyEndpoint) Requested by User imadmin
    20180323:094512:TID=001f88:Modify :E982:----:P: dn: eTADSDirectoryName=MyEndpoint,eTNamespaceName=ActiveDirectory,dc=im
    20180323:094512:TID=001f88:Modify :E982:----:P: eTADSAuthPWD: ** NOT SHOWN ** [REPLACE]
    20180323:094512:TID=001f88:Modify :E982:----:P: eTADSUseSSL: 0 [REPLACE]

     

    If further assistance is needed you may be best with opening a support case.
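
The log check described in the answer above, as an added example that is not part of the original post or of the product: it groups etatrans Modify lines by transaction and reports every change to the endpoint's SSL or port setting, who requested it, and whether eTADSAuthPWD was sent in the same request. The line layout is inferred from the four lines quoted in the answer; watching eTADSPortNum as well, and the second transaction in the sample (user `svc_sync`, IDs `0020a4`/`E9a1`), are assumptions constructed for illustration.

```python
import re

# Line layout inferred from the four etatrans lines quoted in the answer above.
LINE_RE = re.compile(
    r"^(?P<date>\d{8}):(?P<time>\d{6}):TID=(?P<tid>[0-9a-fA-F]+):"
    r"(?P<op>\w+)\s*:(?P<txn>\w+):[^:]*:(?P<kind>[SP]):\s?(?P<msg>.*)$")
REQ_RE = re.compile(r"Requested by User (\S+)")
ATTR_RE = re.compile(r"^(\w+): (.*?)(?: \[\w+\])?$")
CONNECTION_ATTRS = {"eTADSUseSSL", "eTADSPortNum"}  # attribute names from the thread
PASSWORD_ATTR = "eTADSAuthPWD"

# First four lines are from the thread; the last three are constructed (assumed values).
SAMPLE_LOG = """\
20180323:094512:TID=001f88:Modify :E982:----:S: External Modify (eTADSDirectoryName=MyEndpoint) Requested by User imadmin
20180323:094512:TID=001f88:Modify :E982:----:P: dn: eTADSDirectoryName=MyEndpoint,eTNamespaceName=ActiveDirectory,dc=im
20180323:094512:TID=001f88:Modify :E982:----:P: eTADSAuthPWD: ** NOT SHOWN ** [REPLACE]
20180323:094512:TID=001f88:Modify :E982:----:P: eTADSUseSSL: 0 [REPLACE]
20180323:101530:TID=0020a4:Modify :E9a1:----:S: External Modify (eTADSDirectoryName=MyEndpoint) Requested by User svc_sync
20180323:101530:TID=0020a4:Modify :E9a1:----:P: dn: eTADSDirectoryName=MyEndpoint,eTNamespaceName=ActiveDirectory,dc=im
20180323:101530:TID=0020a4:Modify :E9a1:----:P: eTADSUseSSL: 1 [REPLACE]
"""

def find_connection_changes(lines):
    """Return one finding per Modify transaction that touches SSL/port settings."""
    txns = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["op"] != "Modify":
            continue
        t = txns.setdefault((m["date"], m["tid"], m["txn"]),
                            {"when": f'{m["date"]} {m["time"]}', "user": None, "attrs": {}})
        req = REQ_RE.search(m["msg"]) if m["kind"] == "S" else None
        attr = ATTR_RE.match(m["msg"]) if m["kind"] == "P" else None
        if req:
            t["user"] = req.group(1)
        if attr:
            t["attrs"][attr.group(1)] = attr.group(2)
    findings = []
    for t in txns.values():
        changed = {k: v for k, v in t["attrs"].items() if k in CONNECTION_ATTRS}
        if changed:
            findings.append({"when": t["when"], "user": t["user"],
                             "dn": t["attrs"].get("dn"), "changed": changed,
                             "password_included": PASSWORD_ATTR in t["attrs"]})
    return findings

if __name__ == "__main__":
    for finding in find_connection_changes(SAMPLE_LOG.splitlines()):
        print(finding)
```

A finding with `password_included` set to False is the case the answer describes, a connection-setting change sent without the Proxy ID password, and the `user` field shows which account or integration issued it.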



  • 6.  Re: The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]

    Posted Apr 01, 2018 08:46 PM

    Hi All,

     

    If the connector server loses all connections to the endpoint due to some network issue which is solved after 30 minutes, will the connector server restore the connection again, or does it skip it because the maximum attempts were reached earlier?

     

    The reason I am asking is that in our AD case we are not modifying any attributes, but due to a network issue we are losing the connection with LDAP error code 52 (Server Down), after which we started getting LDAP error 53 (Unwilling to Perform) due to: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute

     

    Regards,

    Rajesh



  • 7.  Re: The AD Endpoint stopped working with error as Active Directory Endpoint read Failed: Error decrypting attribute eTADSAuthPWD: attribute eTADSPortNum has been modified since this attribute was encrypted.  Please reset the encrypted attribute. ]

    Broadcom Employee
    Posted Apr 03, 2018 08:26 AM

    Hi Rajesh

    As Kenny already suggested, your best bet is to open an issue with CA Support.

    KR
    Russi