000033197 - RSA Identity Management and Governance 6.9.1 P12 Active Directory Identity Data Collector (IDC) collection fails with "Unprocessed Continuation Reference"

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Jul 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033197
Applies ToRSA Product Set: RSA Identity Management and Governance
RSA Version/Condition: 6.9.1 P12
IssueWhen doing a connection test the RSA Identity Management and Governance 6.9.1 P12 Active Directory Identity Data Collector (IDC) fails with the following result:

Collector test failed:
com.aveksa.server.runtime.ServerException: Test request failed with response:
com.aveksa.server.runtime.ServerException: java.lang.RuntimeException Caused By
Stack java.lang.RuntimeException at

The aveksaServer.log file () shows the following exception:
04/12/2016 11:14:57.713 ERROR (ApplyChangesRegularThread-165) [com.aveksa.client.datacollector.collectors.identitydatacollectors.readerImpl.JndiLdapConnector] 
Error occured in fetching users, Root Cause : Unprocessed Continuation Reference(s)
04/12/2016 11:14:57.713 ERROR (ApplyChangesRegularThread-165) [com.aveksa.client.datacollector.framework.DataCollectorManager]
FAILED method=Collect CollectionMetaInfo[{ID=11, run_id=1460474097611, collector_id=41, test-run=true, collector_name=Active Directory IDC,
at com.aveksa.client.datacollector.collectors.identitydatacollectors.readerImpl.JndiLdapConnector$UserDirectoryIterator.setContextAndGetUsers(JndiLdapConnector.java:1050)

If the collection is attempted, the collection status shows the following under "Admin Errors for Run":
EC[31002]Context[Collector Name=Active Directory IDC, Agent Name=AveksaAgent, Data Run ID=355Reason=java.lang.RuntimeException]Message[Data collection failed on the agent]



CauseThis issue may occur if the User Base DN of the search is set to the root of the domain (for example, DC=2k8r2-vcloud, DC=local) and the LDAP server is set to generate LDAP referrals.  The error occurs when RSA Identify Management and Governance attempts to incorrectly interpret the referral request as an error message. 
ResolutionThis issue is resolved in RSA Identity Management and Governance 6.9.1 P22 or later.  This issue does not exist in RSA Identity Governance and Lifecycle 7.0 GA version or later.
WorkaroundThis issue only occurs if the User Base DN is set to the root of the LDAP structure.  It may be possible to work around this issue by setting the User Base DN to an OU value that contains the user objects.  If there are multiple OU objects containing users then you must setup separate collectors for each OU.