Place orders quickly and easily
View orders and track your shipping status
Enjoy members-only rewards and discounts
Create and access a list of your products
Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In
Create an Account
Dell Financial Services
Premier Sign In
Partner Program Sign In
IDPA ACM fails to update the LDAP password after it was changed in Active Directory with error "Failed to update AD password"
This KB Article helps resolving a problem where ACM cannot update the LDAP password in its configuration files after it was changed in the Active Directory
Summary:
This KB Article helps resolving a problem where ACM cannot update the LDAP password in its configuration files after it was changed in the Active Directory
ACM's log (/usr/local/dataprotection/var/configmgr/server_data/logs/server.log) shows the following error
ERROR [http-nio-8543-exec-3]-util.RestUtil: Rest execution failed due to authentication failed.
ERROR [http-nio-8543-exec-3]-dpcadapter.DPCUtil: checkDPCLDAPConnection --> Unable to execute request on DPC. Exception: com.emc.vcedpa.common.exception.ApplianceException: REST API execution failed. Authentication failed.
at com.emc.vcedpa.common.util.RestUtil.validateResponseStatus(RestUtil.java:184)
at com.emc.vcedpa.common.util.RestUtil.executeRequest(RestUtil.java:130)
at com.emc.vcedpa.common.util.RestUtil.executeRequest(RestUtil.java:88)
at com.emc.vcedpa.dpcadapter.DPCUtil.checkDpcLdapConnection(DPCUtil.java:199)
at com.emc.vcedpa.restadapter.LoginService.changePasswordLdapUser(LoginService.java:882
DPC's elg log (/var/log/dpc/elg/elg.log) shows
ERROR localhost-startStop-1 c.e.c.s.a.l.ADLdapAuthenticationProvider Ignoring AD authentication. Verification of ldap settings failed. Failed to connect to LDAP - <active_directory_shortname>:389; nested exception is javax.naming.CommunicationException: <active_directory_shortname>:389 [Root exception is java.net.UnknownHostException: <active_directory_shortname>]
WARN localhost-startStop-1 c.e.c.s.a.l.ADLdapAuthenticationProvider Ignoring AD authentication. Verification of ldap settings via test connection failed
Cause
DPC server is not able to resolve Active Directory short name via DNS and that is causing DPC to fail to connect to the Active Directory.
Resolution
1- Login to DPC as user admin
2-
su -
3-
cd /var/lib/dpc/elg
4-
vi ldap.properties
Change the line:
elg.ldap.server.urls=ldap://<active_directory_shortname>:389
to
elg.ldap.server.urls=ldap://<active_directory_fully_qualified_domain_name>:389
5- Save the file
6-
/usr/local/dpc/bin/dpc stop
7-
/usr/local/dpc/bin/dpc start
Note: Make sure Active Directory Fully Qualified Domain Name can be resolved from DPC via DNS by using nslookup. If nslookup does not resolve the Fully Qualified DOmain Name then the DNS server needs to be fixed.
Integrated Data Protection Appliance Family
Product
Data Protection Central, Integrated Data Protection Appliance Family
Last Published Date
20 Nov 2020
Version
Article Type
Solution
