Password changes made in AD are not going into eDirectory

  • 3304529
  • 25-Oct-2006
  • 10-Nov-2014

Environment

Novell Identity Manager Password Synchronization
Novell Identity Manager Nsure Identity Manager 2.0
Novell Identity Manager Driver - Active Directory Driver

Situation

Password changes made in AD are not going into eDirectory. The passwords get picked up by the filter, but nothing shows up in Remote Loader traces set to level 3.
Password changes made directly on the domain controller running the Remote Loader sync fine. However, password changes made on other domain controllers do not sync.

The Password Sync filter in the Control Panel, Identity Manager PassSync applet shows the following problem.
- PwdFltGetDriverPublicKey() returned 0x000006BA
- PwdFltInitializeData() returned 0x000006BA
This is an RPC problem: 0x000006BA translates to 1722 in decimal, which means the RPC server could not be found.

In a level 5 Remote Loader trace of the AD driver startup you may also see another message pointing to the same RPC server problem.
- SetFilterInfo() returned 0x000006BA

Resolution

This is a Microsoft error. The following Microsoft document can be used to troubleshoot the problem:
Troubleshooting "RPC Server is Unavailable" in Windows
That document lists steps to correct the problem.

We have seen this issue on Windows 2008R2 servers where communications are being blocked. A possible solution is to create firewall rules on each domain controller allowing all communications between that domain controller and the other domain controllers. This has resolved the issue for some customers.
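
As an added example (not from Novell or Microsoft), the firewall change described above could be scripted as follows on a Windows 2008R2 domain controller, using netsh advfirewall from an elevated PowerShell prompt. The peer addresses and rule names are constructed placeholders; the rules allow all traffic, but only to and from the listed domain controllers, and the script then checks whether each peer's RPC endpoint mapper can be reached.

```powershell
# Added example. Run from an elevated PowerShell prompt on each domain controller.
# Constructed placeholder addresses: replace with the IPs of the OTHER domain controllers.
$PeerDCs  = @('192.0.2.11', '192.0.2.12')
$RuleBase = 'IDM-PassSync-PeerDC'   # hypothetical rule-name prefix

function Test-RpcEndpointMapper {
    param([string]$Address, [int]$TimeoutMs = 3000)
    # TCP 135 is the RPC endpoint mapper. When it cannot be reached, RPC
    # calls fail with 0x000006BA (1722).
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, 135, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Set-PeerDcRule {
    param([string]$Direction, [string[]]$Addresses)
    $name = "$RuleBase-$Direction"
    # Remove any earlier copy so that re-running the script does not stack duplicates.
    netsh advfirewall firewall delete rule name=$name | Out-Null
    # All protocols and ports are allowed, but only for the listed peer addresses.
    netsh advfirewall firewall add rule name=$name dir=$Direction action=allow `
        remoteip=$($Addresses -join ',') enable=yes | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh failed to create rule $name" }
}

Set-PeerDcRule -Direction 'in'  -Addresses $PeerDCs
Set-PeerDcRule -Direction 'out' -Addresses $PeerDCs

foreach ($dc in $PeerDCs) {
    $ok = Test-RpcEndpointMapper -Address $dc
    "{0,-15} RPC endpoint mapper (TCP 135) reachable: {1}" -f $dc, $ok
}
```

A peer that still reports False after the rules are in place needs the same rules created on its side, since the check depends on that domain controller accepting the inbound connection.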