vkhoury
New Member.
621 views

Password Sync Initialization Failed: Password Sync Disabled

Hi,
I'm using IDM 4.5. I was trying to configure Password Sync On AD domain. The AD domain is present on another windows server.
I've tryed to troubleshoot using the PassSynch Tool. No Error is found. The trace is as follows:
Thu Sep 27 15:47:34 2018 : Starting Checks on Driver Machine .....

Thu Sep 27 15:47:50 2018: Logging as joelle user.

Thu Sep 27 15:47:50 2018 :
The List of all Domain Controllers -
1. Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:50 2018 : RPC Service is running
Thu Sep 27 15:47:50 2018 : Full DNS name of the driver machine is Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:50 2018 : The version of the Operating System is : Microsoft (build 9200)
Thu Sep 27 15:47:50 2018 : An AD driver instance is found configured on Remote Loader
Thu Sep 27 15:47:51 2018 : AD Driver which is configured with Connection port 8091 and Command port 8006 is running

Thu Sep 27 15:47:51 2018 : List of local files related to Driver are :
C:\NetIQ\IdentityManager\RemoteLoader\64bit\ADDriver.dll
C:\NetIQ\IdentityManager\RemoteLoader\64bit\iamDomain-Config.txt
C:\NetIQ\IdentityManager\RemoteLoader\64bit\iamDomain-Trac
Thu Sep 27 15:47:51 2018 : Driver version is "4.0.0.4">AD</product> and Build ID is oduct>
Thu Sep 27 15:47:51 2018 : The 'Driver Machine' value in the registry key[SOFTWARE\NOVELL\PASSSYNC] is : 1.

Thu Sep 27 15:47:51 2018 : The 'Domains' value in registry key[SOFTWARE\NOVELL\PASSSYNC\DATA] is IAM

Thu Sep 27 15:47:51 2018 : Number of subkeys(passwords cached) under the key[SOFTWARE\NOVELL\PASSSYNC\DATA\IAM]is 0


Thu Sep 27 15:47:51 2018 : Tests on this driver machine are done

Press any key to close this trace ...

Thu Sep 27 15:47:57 2018 : Starting Checks on All DCs .....



Thu Sep 27 15:47:57 2018 : Starting Checks on All DCs .....

Thu Sep 27 15:47:57 2018: Logging as joelle user.

Thu Sep 27 15:47:57 2018 :
The List of all Domain Controllers -
1. Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:57 2018 : Checking the Domain Controller Joelle-Netiq-DC.iam.com ....

Running Basic Diagnostic Checks.

Password filter files installed on this DC are C:\Windows\System32\PWFILTER.DLL and C:\Windows\System32\PSEVENT.DLL

The value of 'Host Names'in DC[Joelle-Netiq-DC.iam.com] is having many strings. Modify it to have the name of driver machine which is [Joelle-Netiq-DC.iam.com]

The value of 'Host Names' '[NetIQ-Designer.iam.com]' in DC[Joelle-Netiq-DC.iam.com] is not same as the name of driver machine[Joelle-Netiq-DC.iam.com]

Opened key [SOFTWARE\NOVELL\PWFILTER\DATA].

The password was last updated for user BFarjallah on 26/9/2018 at 15 hrs and 40 mins
The password was last updated for user EChristy on 26/9/2018 at 16 hrs and 19 mins
The password was last updated for user PKhoury on 26/9/2018 at 13 hrs and 34 mins
The password was last updated for user VKhoury on 27/9/2018 at 15 hrs and 43 mins
No more items to process Currently
.
Number of Entries Processed is 6

Running RPC Checks.

Checking whether this tool can reach the filter through RPC
This tool can reach the filter through RPC

Checking if the filter can connect to the driver
pwFilter can connect to PassSync RPC server on driver machine - 0

Thu Sep 27 15:47:57 2018 : Tests on all DCs are done

Press any key to close this trace ...


However, I'm having the following error in the remote loader trace:<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>

The Trace file is as follows:
[09/27/18 15:44:22.934]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[09/27/18 15:44:22.934]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.934]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[09/27/18 15:44:22.934]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.934]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Remote Interface Driver: Sending...
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Remote Interface Driver: Document sent.
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Received.
[09/27/18 15:44:22.950]:trace3 :
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Received document for publisher channel
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Waiting for receive...
[09/27/18 15:44:22.950]:trace3 PT:Receiving DOM document from application.
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying input transformation policies.
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-itp-SubscriberUserAdd%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'Populate DirXML-ADContext on initial user add'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "add-association") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-itp-FormatConversions%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockedByIntruder: Enable Locked By Intruder'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockedByIntruder: Disable Locked By Intruder'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[09/27/18 15:44:22.950]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-xpath true "self::status[@level != 'success'][text() != '']/operation-data/password-subscribe-status/association[text() != '']") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-reset-status") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying schema mapping policies to input.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-smp%-C.
[09/27/18 15:44:22.965]:trace3 PT:Resolving association references.
[09/27/18 15:44:22.965]:trace3 PT:Applying event transformation policies.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-pub-etp-HandleMovesAndRenames%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'break if not a move or rename'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation not-match "move|rename") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: Rule selected.
[09/27/18 15:44:22.965]:trace3 PT: Applying rule 'break if not a move or rename'.
[09/27/18 15:44:22.965]:trace3 PT: Action: do-break().
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying publisher filter.
[09/27/18 15:44:22.965]:trace3 PT:Publisher processing status for .
[09/27/18 15:44:22.965]:trace3 PT:Applying command transformation policies.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-pub-ctp-UserNameMap%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
[09/27/18 15:44:22.965]:trace3 PT: (if-class-name not-equal "User") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: Rule selected.
[09/27/18 15:44:22.965]:trace3 PT: Applying rule 'consider user objects when name mapping is enabled'.
[09/27/18 15:44:22.965]:trace3 PT: Action: do-break().
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-CheckPwdGCV%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block publishing passwords to the Identity Vault when adding an object'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Vault'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishDistPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishNDSPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block publishing passwords to eDirectory password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the eDirectory password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-AddPwdPayload%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
Labels (1)
0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: Password Sync Initialization Failed: Password Sync Disab

vkhoury;2488122 wrote:
Hi,
I'm using IDM 4.5. I was trying to configure Password Sync On AD domain. The AD domain is present on another windows server.
I've tryed to troubleshoot using the PassSynch Tool. No Error is found. The trace is as follows:
Thu Sep 27 15:47:34 2018 : Starting Checks on Driver Machine .....

Thu Sep 27 15:47:50 2018: Logging as joelle user.

Thu Sep 27 15:47:50 2018 :
The List of all Domain Controllers -
1. Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:50 2018 : RPC Service is running
Thu Sep 27 15:47:50 2018 : Full DNS name of the driver machine is Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:50 2018 : The version of the Operating System is : Microsoft (build 9200)
Thu Sep 27 15:47:50 2018 : An AD driver instance is found configured on Remote Loader
Thu Sep 27 15:47:51 2018 : AD Driver which is configured with Connection port 8091 and Command port 8006 is running

Thu Sep 27 15:47:51 2018 : List of local files related to Driver are :
C:\NetIQ\IdentityManager\RemoteLoader\64bit\ADDriver.dll
C:\NetIQ\IdentityManager\RemoteLoader\64bit\iamDomain-Config.txt
C:\NetIQ\IdentityManager\RemoteLoader\64bit\iamDomain-Trac
Thu Sep 27 15:47:51 2018 : Driver version is "4.0.0.4">AD</product> and Build ID is oduct>
Thu Sep 27 15:47:51 2018 : The 'Driver Machine' value in the registry key[SOFTWARE\NOVELL\PASSSYNC] is : 1.

Thu Sep 27 15:47:51 2018 : The 'Domains' value in registry key[SOFTWARE\NOVELL\PASSSYNC\DATA] is IAM

Thu Sep 27 15:47:51 2018 : Number of subkeys(passwords cached) under the key[SOFTWARE\NOVELL\PASSSYNC\DATA\IAM]is 0


Thu Sep 27 15:47:51 2018 : Tests on this driver machine are done

Press any key to close this trace ...

Thu Sep 27 15:47:57 2018 : Starting Checks on All DCs .....



Thu Sep 27 15:47:57 2018 : Starting Checks on All DCs .....

Thu Sep 27 15:47:57 2018: Logging as joelle user.

Thu Sep 27 15:47:57 2018 :
The List of all Domain Controllers -
1. Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:57 2018 : Checking the Domain Controller Joelle-Netiq-DC.iam.com ....

Running Basic Diagnostic Checks.

Password filter files installed on this DC are C:\Windows\System32\PWFILTER.DLL and C:\Windows\System32\PSEVENT.DLL

The value of 'Host Names'in DC[Joelle-Netiq-DC.iam.com] is having many strings. Modify it to have the name of driver machine which is [Joelle-Netiq-DC.iam.com]

The value of 'Host Names' '[NetIQ-Designer.iam.com]' in DC[Joelle-Netiq-DC.iam.com] is not same as the name of driver machine[Joelle-Netiq-DC.iam.com]

Opened key [SOFTWARE\NOVELL\PWFILTER\DATA].

The password was last updated for user BFarjallah on 26/9/2018 at 15 hrs and 40 mins
The password was last updated for user EChristy on 26/9/2018 at 16 hrs and 19 mins
The password was last updated for user PKhoury on 26/9/2018 at 13 hrs and 34 mins
The password was last updated for user VKhoury on 27/9/2018 at 15 hrs and 43 mins
No more items to process Currently
.
Number of Entries Processed is 6

Running RPC Checks.

Checking whether this tool can reach the filter through RPC
This tool can reach the filter through RPC

Checking if the filter can connect to the driver
pwFilter can connect to PassSync RPC server on driver machine - 0

Thu Sep 27 15:47:57 2018 : Tests on all DCs are done

Press any key to close this trace ...


However, I'm having the following error in the remote loader trace:<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>

The Trace file is as follows:
[09/27/18 15:44:22.934]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[09/27/18 15:44:22.934]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.934]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[09/27/18 15:44:22.934]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.934]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Remote Interface Driver: Sending...
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Remote Interface Driver: Document sent.
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Received.
[09/27/18 15:44:22.950]:trace3 :
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Received document for publisher channel
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Waiting for receive...
[09/27/18 15:44:22.950]:trace3 PT:Receiving DOM document from application.
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying input transformation policies.
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-itp-SubscriberUserAdd%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'Populate DirXML-ADContext on initial user add'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "add-association") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-itp-FormatConversions%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockedByIntruder: Enable Locked By Intruder'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockedByIntruder: Disable Locked By Intruder'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[09/27/18 15:44:22.950]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-xpath true "self::status[@level != 'success'][text() != '']/operation-data/password-subscribe-status/association[text() != '']") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-reset-status") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying schema mapping policies to input.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-smp%-C.
[09/27/18 15:44:22.965]:trace3 PT:Resolving association references.
[09/27/18 15:44:22.965]:trace3 PT:Applying event transformation policies.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-pub-etp-HandleMovesAndRenames%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'break if not a move or rename'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation not-match "move|rename") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: Rule selected.
[09/27/18 15:44:22.965]:trace3 PT: Applying rule 'break if not a move or rename'.
[09/27/18 15:44:22.965]:trace3 PT: Action: do-break().
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying publisher filter.
[09/27/18 15:44:22.965]:trace3 PT:Publisher processing status for .
[09/27/18 15:44:22.965]:trace3 PT:Applying command transformation policies.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-pub-ctp-UserNameMap%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
[09/27/18 15:44:22.965]:trace3 PT: (if-class-name not-equal "User") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: Rule selected.
[09/27/18 15:44:22.965]:trace3 PT: Applying rule 'consider user objects when name mapping is enabled'.
[09/27/18 15:44:22.965]:trace3 PT: Action: do-break().
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-CheckPwdGCV%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block publishing passwords to the Identity Vault when adding an object'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Vault'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishDistPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishNDSPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block publishing passwords to eDirectory password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the eDirectory password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-AddPwdPayload%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>



You've configured SSL between the engine and remote loader, and then also between the remote loader and the domain controller? Both need to be present for password synchronization to work.

On the member server, load "idp.exe" from MicroSoft. When you can get that to do an SSL bind to your DC, SSL is configured correctly between the member and the DC. The rest of the setup is easy.
0 Likes
vkhoury
New Member.

Re: Password Sync Initialization Failed: Password Sync Disab

dgersic;2488126 wrote:
You've configured SSL between the engine and remote loader, and then also between the remote loader and the domain controller? Both need to be present for password synchronization to work.

On the member server, load "idp.exe" from MicroSoft. When you can get that to do an SSL bind to your DC, SSL is configured correctly between the member and the DC. The rest of the setup is easy.



I've configured a connection (not SSL connection) between the engine and the remote loader, and also between the remote loader and the domain controller. The connections are successful!
However, Password Sync is being disabled once triggered.
I've been referring to Geoffc Articles:
https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-1/
https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-2/

I don't know what's the issue since both connections are made.

Also, I'm not using an SSL connection, so do i need to load the idp.exe?
I also forgot to mention that the AD domain is present on windows server on Azure cloud.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Password Sync Initialization Failed: Password Sync Disab

vkhoury;2488159 wrote:
I've configured a connection (not SSL connection) between the engine and the remote loader, and also between the remote loader and the domain controller. The connections are successful!
However, Password Sync is being disabled once triggered.
I've been referring to Geoffc Articles:
https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-1/
https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-2/

I don't know what's the issue since both connections are made.

Also, I'm not using an SSL connection, so do i need to load the idp.exe?
I also forgot to mention that the AD domain is present on windows server on Azure cloud.


You need to be using an SSL encrypted connection. Set it to "negotiate" and let it figure it out. Where the DC is doesn't matter.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Password Sync Initialization Failed: Password Sync Disabled


> However, Password Sync is being disabled once triggered.
> I've been referring to Geoffc Articles:
> https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-1/
> https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-2/


Clearly this is your first mistake, using my articles.

You need to show us the RL trace in this case, since that is where that
Password sync disabled is coming from and might have better tracing.
Kick the RL trace to 25 or so to see the most info.


> I don't know what's the issue since both connections are made.
>
> Also, I'm not using an SSL connection, so do i need to load the
> idp.exe?
> I also forgot to mention that the AD domain is present on windows server
> on Azure cloud.
>
>


0 Likes
Knowledge Partner
Knowledge Partner

Re: Password Sync Initialization Failed: Password Sync Disab

geoffc;2488362 wrote:

> However, Password Sync is being disabled once triggered.
> I've been referring to Geoffc Articles:
> https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-1/
> https://www.netiq.com/communities/cool-solutions/active-directory-password-troubleshooter-tool-part-2/


Clearly this is your first mistake, using my articles.

You need to show us the RL trace in this case, since that is where that
Password sync disabled is coming from and might have better tracing.
Kick the RL trace to 25 or so to see the most info.


> I don't know what's the issue since both connections are made.
>
> Also, I'm not using an SSL connection, so do i need to load the
> idp.exe?
> I also forgot to mention that the AD domain is present on windows server
> on Azure cloud.
>
>



I'm reasonably sure that "Also, I'm not using an SSL connection..." is all we need to know. Without SSL, there will be no password sync.
0 Likes
vkhoury
New Member.

Re: Password Sync Initialization Failed: Password Sync Disab

vkhoury;2488122 wrote:
Hi,
I'm using IDM 4.5. I was trying to configure Password Sync On AD domain. The AD domain is present on another windows server.
I've tryed to troubleshoot using the PassSynch Tool. No Error is found. The trace is as follows:
Thu Sep 27 15:47:34 2018 : Starting Checks on Driver Machine .....

Thu Sep 27 15:47:50 2018: Logging as joelle user.

Thu Sep 27 15:47:50 2018 :
The List of all Domain Controllers -
1. Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:50 2018 : RPC Service is running
Thu Sep 27 15:47:50 2018 : Full DNS name of the driver machine is Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:50 2018 : The version of the Operating System is : Microsoft (build 9200)
Thu Sep 27 15:47:50 2018 : An AD driver instance is found configured on Remote Loader
Thu Sep 27 15:47:51 2018 : AD Driver which is configured with Connection port 8091 and Command port 8006 is running

Thu Sep 27 15:47:51 2018 : List of local files related to Driver are :
C:\NetIQ\IdentityManager\RemoteLoader\64bit\ADDriver.dll
C:\NetIQ\IdentityManager\RemoteLoader\64bit\iamDomain-Config.txt
C:\NetIQ\IdentityManager\RemoteLoader\64bit\iamDomain-Trac
Thu Sep 27 15:47:51 2018 : Driver version is "4.0.0.4">AD</product> and Build ID is oduct>
Thu Sep 27 15:47:51 2018 : The 'Driver Machine' value in the registry key[SOFTWARE\NOVELL\PASSSYNC] is : 1.

Thu Sep 27 15:47:51 2018 : The 'Domains' value in registry key[SOFTWARE\NOVELL\PASSSYNC\DATA] is IAM

Thu Sep 27 15:47:51 2018 : Number of subkeys(passwords cached) under the key[SOFTWARE\NOVELL\PASSSYNC\DATA\IAM]is 0


Thu Sep 27 15:47:51 2018 : Tests on this driver machine are done

Press any key to close this trace ...

Thu Sep 27 15:47:57 2018 : Starting Checks on All DCs .....



Thu Sep 27 15:47:57 2018 : Starting Checks on All DCs .....

Thu Sep 27 15:47:57 2018: Logging as joelle user.

Thu Sep 27 15:47:57 2018 :
The List of all Domain Controllers -
1. Joelle-Netiq-DC.iam.com

Thu Sep 27 15:47:57 2018 : Checking the Domain Controller Joelle-Netiq-DC.iam.com ....

Running Basic Diagnostic Checks.

Password filter files installed on this DC are C:\Windows\System32\PWFILTER.DLL and C:\Windows\System32\PSEVENT.DLL

The value of 'Host Names'in DC[Joelle-Netiq-DC.iam.com] is having many strings. Modify it to have the name of driver machine which is [Joelle-Netiq-DC.iam.com]

The value of 'Host Names' '[NetIQ-Designer.iam.com]' in DC[Joelle-Netiq-DC.iam.com] is not same as the name of driver machine[Joelle-Netiq-DC.iam.com]

Opened key [SOFTWARE\NOVELL\PWFILTER\DATA].

The password was last updated for user BFarjallah on 26/9/2018 at 15 hrs and 40 mins
The password was last updated for user EChristy on 26/9/2018 at 16 hrs and 19 mins
The password was last updated for user PKhoury on 26/9/2018 at 13 hrs and 34 mins
The password was last updated for user VKhoury on 27/9/2018 at 15 hrs and 43 mins
No more items to process Currently
.
Number of Entries Processed is 6

Running RPC Checks.

Checking whether this tool can reach the filter through RPC
This tool can reach the filter through RPC

Checking if the filter can connect to the driver
pwFilter can connect to PassSync RPC server on driver machine - 0

Thu Sep 27 15:47:57 2018 : Tests on all DCs are done

Press any key to close this trace ...


However, I'm having the following error in the remote loader trace:<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>

The Trace file is as follows:
[09/27/18 15:44:22.934]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[09/27/18 15:44:22.934]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.934]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[09/27/18 15:44:22.934]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.934]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Remote Interface Driver: Sending...
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="Active Directory Driver##1661b0f0bbd##0" level="success"><application>DirXML</application>
<module>Active Directory Driver</module>
<object-dn>CN=Vanessa Khoury,OU=Inactive,DC=iam,DC=com (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Remote Interface Driver: Document sent.
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Received.
[09/27/18 15:44:22.950]:trace3 :
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Received document for publisher channel
[09/27/18 15:44:22.950]:trace3 :Remote Interface Driver: Waiting for receive...
[09/27/18 15:44:22.950]:trace3 PT:Receiving DOM document from application.
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying input transformation policies.
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-itp-SubscriberUserAdd%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'Populate DirXML-ADContext on initial user add'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "add-association") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-itp-FormatConversions%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockedByIntruder: Enable Locked By Intruder'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockedByIntruder: Disable Locked By Intruder'.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.950]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Rule selected.
[09/27/18 15:44:22.950]:trace3 PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
[09/27/18 15:44:22.950]:trace3 PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[09/27/18 15:44:22.950]:trace3 PT:Policy returned:
[09/27/18 15:44:22.950]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.950]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[09/27/18 15:44:22.950]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.950]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[09/27/18 15:44:22.950]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.950]:trace3 PT: (if-xpath true "self::status[@level != 'success'][text() != '']/operation-data/password-subscribe-status/association[text() != '']") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "status") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-reset-status") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying schema mapping policies to input.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-smp%-C.
[09/27/18 15:44:22.965]:trace3 PT:Resolving association references.
[09/27/18 15:44:22.965]:trace3 PT:Applying event transformation policies.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-pub-etp-HandleMovesAndRenames%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'break if not a move or rename'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation not-match "move|rename") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: Rule selected.
[09/27/18 15:44:22.965]:trace3 PT: Applying rule 'break if not a move or rename'.
[09/27/18 15:44:22.965]:trace3 PT: Action: do-break().
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying publisher filter.
[09/27/18 15:44:22.965]:trace3 PT:Publisher processing status for .
[09/27/18 15:44:22.965]:trace3 PT:Applying command transformation policies.
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLADDCFG-pub-ctp-UserNameMap%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
[09/27/18 15:44:22.965]:trace3 PT: (if-class-name not-equal "User") = TRUE.
[09/27/18 15:44:22.965]:trace3 PT: Rule selected.
[09/27/18 15:44:22.965]:trace3 PT: Applying rule 'consider user objects when name mapping is enabled'.
[09/27/18 15:44:22.965]:trace3 PT: Action: do-break().
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-CheckPwdGCV%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block publishing passwords to the Identity Vault when adding an object'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Vault'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishDistPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
[09/27/18 15:44:22.965]:trace3 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishNDSPwd%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block publishing passwords to eDirectory password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the eDirectory password'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>
</nds>
[09/27/18 15:44:22.965]:trace3 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-AddPwdPayload%-C.
[09/27/18 15:44:22.965]:trace3 PT: Applying to status #1.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "add") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify-password") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: (if-operation equal "modify") = FALSE.
[09/27/18 15:44:22.965]:trace3 PT: Rule rejected.
[09/27/18 15:44:22.965]:trace3 PT:Policy returned:
[09/27/18 15:44:22.965]:trace3 PT:
<nds dtdversion="2.2">
<source>
<product build="20140409_120000" instance="\IDVAULT-TREE\system\driverset1\Active Directory Driver" version="4.0.0.4">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="warning" type="driver-status">
<description>Password Sync Initialization Failed: Password Sync has been Disabled.</description>
</status>
</input>

I just realized that Password Sync just works on Password reset and not on Creation.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.