Hi,
Authentication stopped working. Error seen in bowsers are: "Unable to authenticate. (100101044NIDPMAIN.405-esp-347AC5083E98F281)"
ids jcc-0.log.0 says:
SEVERE: AM#100702018: Error sending periodic health
com.novell.jcc.client.HealthDispatcher sendHealth
Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
at com.novell.jcc.client.DMClientConnection.postMessage(y:2869)
at com.novell.jcc.client.HealthDispatcher.sendHealth(y:1116)
at com.novell.jcc.client.HealthDispatcher.sendHealth(y:3204)
at com.novell.jcc.schedule.HealthTask.execute(y:803)
at com.novell.jcc.schedule.JCCTask.run(y:699)
Backtracking the though the ids servers logs gets me to when it started, with following error:
Jul 14, 2023 10:25:47 AM com.novell.jcc.util.JCCUtils logSevere
SEVERE: AM#100702018: Error regenerating JCC cert
com.novell.jcc.schedule.CertUpdateTask execute
[LDAP: error code 49 - NDS error: failed authentication (-669)]
javax.naming.AuthenticationException: [LDAP: error code 49 - NDS error: failed authentication (-669)]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at com.novell.jcc.util.Configure.I(y:3465)
at com.novell.jcc.util.Configure.A(y:126)
at com.novell.jcc.util.Configure.regenerateAndInstallJCCKey(y:2044)
at com.novell.jcc.schedule.CertUpdateTask.execute(y:2627)
at com.novell.jcc.schedule.JCCTask.run(y:699)
I suspect that an admin password happened on the ads server, and now the ids cannot renew its certificate.
The question is, how do I get it back on track?