000034559 - javax.naming.PartialresultException when collecting Active Directory Security Groups in RSA Identity Governance and Lifecycle

Document created by RSA Customer Support Employee on Dec 21, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034559
Applies ToRSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: All
IssueAn AD Account Collector is getting an error on the test group filter when the Group Base DN is set to the root of the LDAP tree  (e. g., DC=sub,DC=acme,DC=com).
The error message in the UI is:
[Root is javax.naming.CommunicationException: DomainDnsZones.sub.acme.com:389
[Root exception is java.net.ConnectionException:Connection time Out]]

User-added image
CauseThe Active Directory 'follow referrals' configure and group lookup fails when it tries a DNS lookup on the referral in the AD server root.
Turn on the Ignore Referral option in the ADC collector by editing the collector definition, going to the Connection page (page 2), and clicking on the Ignore Referral option as shown below:

User-added image