jensr84 Absent Member.
Absent Member.
670 views

AD Driver Could not set password via platform call. Err=1722


Hi,

when modifying the password of a user object via the iManager it is not
synchronized with the active directory.

The relevant entries of the trace log file are:

> DirXML: [12/01/11 16:38:00.12]: ADDriver: object changes complete
> DirXML: [12/01/11 16:38:00.19]: Loader: Received 'subscriber execute'
> document
> DirXML: [12/01/11 16:38:00.19]: Loader: XML Document:
> DirXML: [12/01/11 16:38:00.19]: <nds dtdversion="4.0"
> ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <modify-password class-name="user" event-id="pwd-subscribe"
> qualified-src-dn="O=data\OU=users\CN=neu" src-dn="data\users\neu"
> src-entry-id="33544">
> <association>fae039413082064fb767944e7a7de2c6</association>
> <password><!-- content suppressed --></password>
> </modify-password>
> </input>
> </nds>
> DirXML: [12/01/11 16:38:00.19]: Loader: Calling
> subscriptionShim->execute()
> DirXML: [12/01/11 16:38:00.19]: Loader: XML Document:
> DirXML: [12/01/11 16:38:00.19]: <nds dtdversion="4.0"
> ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <modify-password class-name="user" event-id="pwd-subscribe"
> qualified-src-dn="O=data\OU=users\CN=neu" src-dn="data\users\neu"
> src-entry-id="33544">
> <association>fae039413082064fb767944e7a7de2c6</association>
> <password><!-- content suppressed --></password>
> </modify-password>
> </input>
> </nds>
> DirXML: [12/01/11 16:38:00.19]: ADDriver: parse command
>
> className user
> destDN
> eventId pwd-subscribe
> association fae039413082064fb767944e7a7de2c6
> DirXML: [12/01/11 16:38:00.19]: ADDriver: parse modify password
> DirXML: [12/01/11 16:38:00.19]: ADDriver: change password: old=(none),
> new=***
> DirXML: [12/01/11 16:38:00.19]: ADDriver: Could not set password via
> platform call. Err=1722
> DirXML: [12/01/11 16:38:00.19]: Loader: subscriptionShim->execute()
> returned:
> DirXML: [12/01/11 16:38:00.19]: Loader: XML Document:
> DirXML: [12/01/11 16:38:00.19]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\VAULT\system\driverset1\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="error" type="driver-general"
> event-id="pwd-subscribe">Could not set password via platform call.
> Err=1722</status>
> </output>
> </nds>
> DirXML: [12/01/11 16:38:00.19]:
> DirXML Log Event -------------------
> Driver = \VAULT\system\driverset1\Active Directory Driver
> Thread = Subscriber Channel
> Level = error
> Message = Could not set password via platform call. Err=1722


Does someone know what in detail the error code 1722 means and how I
can fix this problem?

Best regards
Jens


--
jensr84
------------------------------------------------------------------------
jensr84's Profile: http://forums.novell.com/member.php?userid=120431
View this thread: http://forums.novell.com/showthread.php?t=448990

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: AD Driver Could not set password via platform call. Err=1722

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Googling for error 1722 shows that the RPC is unavailable. Is the
Remote Loader running on a DC? Is there anything strange about that DC
that would cause its RPC service to be unavailable?

Good luck.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO16rcAAoJEF+XTK08PnB5clMQAMSr1FfD+QaueTsWQ4MnzfQt
+VN/L3uzdo7v8OFg06W47aU56ipwCNN24JMok4d+WgRm9PRHsesIriBuhP1N/wwX
o0uADwxRU4Wks1RcPWObLZseBfQRGM5PrLnhtrZckGcWNK6JYzltdoxHEdzn+v5v
mdLNIorJEyjxSQSFrvvMgXWWXCPixaQjkcIee2UIzjlD2GCq4OIacK8eXI0dB4zn
IZE4trlsmgG8wrHfGLJ35uMAlL4/djbvGJkgi72ZVQcx8YipziDLLERdIN/bvOvW
uHuLWJrCZGtAwTzfZbB0battqL7sWmU5wSP4OqUEGZf159OpcZlr9AJPIFG47Oft
YSQ4v9mwTN1ywk3cTPiho2/YhprfjvvrdYwg0OdnBXCoELzGMDpCgWDNYX+Ck+tM
MXJuy7Z7fELXV0lfvNmf+borxBBeWF2UT4rUTVzvME86joPqRRIVpsM4crt1nigD
egyC/zDZgXxR/1MTTOsw1gk9Bcn1aGFnR0vVFRu4FjdDJppN4ksa23l7kggUdgQL
f1RI2FaWpBUheNn3usXMXMn67jOHEsJSd+hsZMCYdlwR0YaU/HVWGNE7gdLM3hyt
KmOHFIADCOrClag0Il2DfcO9GUPN932vFBYDAsTzmINdH6TdnjUGjzBb0RtChLaS
y661c5uJ7Ztviz3qU20G
=uWda
-----END PGP SIGNATURE-----
0 Likes
Knowledge Partner
Knowledge Partner

Re: AD Driver Could not set password via platform call. Err=1722

On 01.12.2011 17:16, jensr84 wrote:
>> Message = Could not set password via platform call. Err=1722

>
> Does someone know what in detail the error code 1722 means and how I
> can fix this problem?


This is likely a problem with your Active Directory DC. What it means is
"The RPC server is unavailable."

Do you have IDM 4.0-3.6.1-3.5.1 Active Directory driver version 3.5.13
Patch 6 installed by any chance? If you had installed this, then this
could explain the error. Even if you had installed patch 6 and later
patched to a later version, you MUST have followed the instructions in
the later patch to correctly update or revert the problematic password
sync filter.

Otherwise, I'd try a restart of the domain controller and see if there
are any MS patches that may help with this error.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
BEbinger Absent Member.
Absent Member.

Re: AD Driver Could not set password via platform call. Err=1722


The Remote Loader has been installed from the Identity Manager 4.0.1
Advanced ISO and no patch has been installed later on.
I followed your advice and installed the "IDM 4.0.1-3.6.1-3.5.1 Active
Directory driver version 3.5.14 Patch 8" on the DC running the remote
loader but this does not fix the problem.

>
> DirXML: [12/06/11 11:25:11.80]: ADDriver: parse command
>
> className user
> destDN
> eventId pwd-subscribe
> association 0497d7b79346c64ba206fc4ad781a882
> DirXML: [12/06/11 11:25:11.80]: ADDriver: parse modify password
> DirXML: [12/06/11 11:25:11.80]: ADDriver: Connect using ldap_bind:
> user=Administrator, domain=, password=***, method=negotiate, server=,
> sign=no, seal=no ssl=no
> DirXML: [12/06/11 11:25:11.80]: ADDriver: ldap_bind connection
> succeeded
> DirXML: [12/06/11 11:25:11.80]: ADDriver: change password: old=(none),
> new=***
> DirXML: [12/06/11 11:25:11.84]: ADDriver: Could not set password via
> platform call. Err=1722
> DirXML: [12/06/11 11:25:11.86]: Loader: subscriptionShim->execute()
> returned:
> DirXML: [12/06/11 11:25:11.86]: Loader: XML Document:
> DirXML: [12/06/11 11:25:11.86]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\VAULT\system\driverset1\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="error" type="driver-general"
> event-id="pwd-subscribe">Could not set password via platform call.
> Err=1722</status>
> </output>
> </nds>
> DirXML: [12/06/11 11:25:11.86]:
> DirXML Log Event -------------------
> Driver = \VAULT\system\driverset1\Active Directory Driver
> Thread = Subscriber Channel
> Level = error
> Message = Could not set password via platform call. Err=1722
> DirXML: [12/06/11 11:25:22.11]: Loader: Received document from
> publicationShim
> DirXML: [12/06/11 11:25:22.11]: Loader: XML Document:
> DirXML: [12/06/11 11:25:22.11]: <nds dtdversion="2.2">
> <source>
> <product version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <status level="success" type="heartbeat"/>
> </input>
> </nds>


The User object is synchronized successfully, the only problem ist the
password.

Best regards
Jens


--
BEbinger
------------------------------------------------------------------------
BEbinger's Profile: http://forums.novell.com/member.php?userid=25569
View this thread: http://forums.novell.com/showthread.php?t=448990

0 Likes
BEbinger Absent Member.
Absent Member.

Re: AD Driver Could not set password via platform call. Err=1722


The Remote Loader has been installed from the Identity Manager 4.0.1
Advanced ISO and no patch has been installed later on.
I followed your advice and installed the "IDM 4.0.1-3.6.1-3.5.1 Active
Directory driver version 3.5.14 Patch 8" on the DC running the remote
loader but this does not fix the problem.

>
> DirXML: [12/06/11 11:25:11.80]: ADDriver: parse command
>
> className user
> destDN
> eventId pwd-subscribe
> association 0497d7b79346c64ba206fc4ad781a882
> DirXML: [12/06/11 11:25:11.80]: ADDriver: parse modify password
> DirXML: [12/06/11 11:25:11.80]: ADDriver: Connect using ldap_bind:
> user=Administrator, domain=, password=***, method=negotiate, server=,
> sign=no, seal=no ssl=no
> DirXML: [12/06/11 11:25:11.80]: ADDriver: ldap_bind connection
> succeeded
> DirXML: [12/06/11 11:25:11.80]: ADDriver: change password: old=(none),
> new=***
> DirXML: [12/06/11 11:25:11.84]: ADDriver: Could not set password via
> platform call. Err=1722
> DirXML: [12/06/11 11:25:11.86]: Loader: subscriptionShim->execute()
> returned:
> DirXML: [12/06/11 11:25:11.86]: Loader: XML Document:
> DirXML: [12/06/11 11:25:11.86]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\VAULT\system\driverset1\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="error" type="driver-general"
> event-id="pwd-subscribe">Could not set password via platform call.
> Err=1722</status>
> </output>
> </nds>
> DirXML: [12/06/11 11:25:11.86]:
> DirXML Log Event -------------------
> Driver = \VAULT\system\driverset1\Active Directory Driver
> Thread = Subscriber Channel
> Level = error
> Message = Could not set password via platform call. Err=1722
> DirXML: [12/06/11 11:25:22.11]: Loader: Received document from
> publicationShim
> DirXML: [12/06/11 11:25:22.11]: Loader: XML Document:
> DirXML: [12/06/11 11:25:22.11]: <nds dtdversion="2.2">
> <source>
> <product version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <status level="success" type="heartbeat"/>
> </input>
> </nds>


The User object is synchronized successfully, the only problem is the
password.

Best regards
Jens


--
BEbinger
------------------------------------------------------------------------
BEbinger's Profile: http://forums.novell.com/member.php?userid=25569
View this thread: http://forums.novell.com/showthread.php?t=448990

0 Likes
Knowledge Partner
Knowledge Partner

Re: AD Driver Could not set password via platform call. Err=1722

On 06.12.2011 11:36, BEbinger wrote:
>
> The Remote Loader has been installed from the Identity Manager 4.0.1
> Advanced ISO and no patch has been installed later on.
> I followed your advice and installed the "IDM 4.0.1-3.6.1-3.5.1 Active
> Directory driver version 3.5.14 Patch 8" on the DC running the remote
> loader but this does not fix the problem.


There can be several reasons for this issue. Most of the issues are
either due to incorrect or overtly secure network/firewall
confifguration between domain controllers.

Check your firewall config
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7005894


Try this TID for other troubleshooting tips.

http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3554990


There is another TID
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3304529
which mentions your specififc issue, however the microsoft knowledge
base article it links to no longer exists. There are also lots of other
Microsoft troubleshooting articles explaining how to troubleshoot RPC
issues.

I only mentioned the patch 6 as a possible cause (this patch has been
recalled by Novell because it exhausted RPC resources on the domain
controllers where the password sync filter was installed).
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
BEbinger Absent Member.
Absent Member.

Re: AD Driver Could not set password via platform call. Err=1722


I found the problem:

>
> Driver for Active Directory Implementation Guide
>
> 6.1 Setting Up SSL
>
> For the driver to set a password in Active Directory (Subscriber
> channel), it must have a secure
> connection provided by one of the following conditions:
> ...


So I set the option "Use SSL for LDAP connection between Driver Shim
and AD" in the driver configuration to "yes" and now passwords are
published to the AD.

Thanks a lot
Jens


--
BEbinger
------------------------------------------------------------------------
BEbinger's Profile: http://forums.novell.com/member.php?userid=25569
View this thread: http://forums.novell.com/showthread.php?t=448990

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.