Connection to the server failed, prompting for password

  • Document ID:7007429
  • Creation Date:21-May-2012
  • Modified Date:10-Dec-2013
    • Micro Focus Products:
      GroupWise
      GroupWise Mobility Service

Environment

Novell Data Synchronizer Mobility Pack 1.2.1
LDAP Authentication for Mobility devices

Situation

  • Devices show the error:  "Connection to the server failed".
  • Devices prompt for password again, even though password has not changed.
  • Putting eDir/LDAP password back in, allows the device to work again.
  • Multiple Datasync servers use the same LDAP server.
  • User works for one log in, but fails the next using the same password.
  • In var/log/novell/datasync/connectors/default.pipeline1.mobility-AppInterface.log see the following details:
    • The log for UserA shows the error "Failed to Authenticate user UserA".
    • UserA received this error upon logging in: " LDAP Authentication Exception: {'info': 'NDS error: failed authentication (-669)', 'desc': 'Invalid credentials'}" occurs, in reference to that user.
  • One of the DataSync servers ran out of threads for mobility, but this was not happening in the time frame when the login errors occurred.

Resolution

In some cases, if this error occurs during an attempt to establish communication to a server, the remote IDs on the source and/or target servers are invalid.  To resolve a suspected remote ID issue, the user of the DSREPAIR Advanced menu option View Remote Server ID List.  Select any eDirectory server listed and then select the option to repair all remote IDs.  It would be better to start at least a ndsrepair -R, then proceeding to doing more general eDirectory Health Checks if needed, see TID 3564075 for help with general eDir Health Checks.

Workaround:
Verify that other LDAP Applications are working correctly
Change the Mobility server to use the eDir/LDAP password.
 
There are also a few customers who have found that the workaround in their case is to change the case of one of the characters in the user name, for example if the user name is bob changing it to Bob or bOb will trigger the Mobility connector to allow the login.  This situation is still being investigated.

Cause

Running out mobility threads can cause this in some situations.  In this particular situation though, it was caused by eDirectory having a replica out of sync, or having too many obits, or possibly eDirectory corruption.  Once eDirectory was cleaned up for this customer, the Mobility failed to authenticate issue disappeared.

Additional Information

NOTE: Doing an ndsrepair -R does lock the eDirectory database.  As such, if the database is on the larger size this task will keep the database locked until it is complete before unlocking.