Error message "unable to contact directory server. LDAP_Replace failed!" in RSA Certificate Manager
Originally Published: 2008-03-08
Article Number
Applies To
RSA Version/Condition: 6.7, 6.8, 6.9
Platform: Microsoft Internet Explorer 6.0 SP2
Issue
Program Error LDAP_Query: [XrcXUDAUNABLE] unable to contact directory server. LDAP_Replace failed! objectclass (rainfo), dn (ramd5=<md5_of_RRM_admin.cert>) [<Back]
After receiving the above error on the browser, the RRM request does not show on RCM under request-active or request-approved options of RCM administrative interface -> Administrator Operations workbench -> RM Jurisdictions.
After receiving the above error on RCM, the jurisdiction to which a request was made from RRM is still listed under disabled jurisdictions (RRM administrative interface -> Administrator Operations workbench -> Jurisdictions -> disabled option) and it can not be removed from the list (as there's no checkbox against it).
Cause
[Note that the value 333888813334444666667777 shown in the rule below is an assumed md5 value for admin.cert and would be different for each RCM installation.]
# #access to RAINFO # access to filter="objectclass=RAinfo" by dn="md5=333888813334444666667777" write by dn=".*" read RSA Certificate Manager 6.9 Administrator's Guide, pages 372-373, incorrectly instructs to add Registration Manager's admin.cert MD5 to RAinfo rule. Instead, RSA Certificate Manager's admin.cert MD5 should be added to RAinfo rule.
Resolution
Additionally, RSA Registration Manager must be updated as listed below to allow another request for the jurisdiction that is in the disabled list on RRM but does not show up on RCM due to the problem described above:
- On RRM, go to listuclass utility: https://<RRM-host>:444/ra/admin/listuclass.xuda
- Click List against xuda_domain_config
- Click Edit against the first object listed on the page
- If the value for attribute RM_DISABLED is not set to 'true', click Back on the browser to go to the previous pages listing all xuda_domain_config objects and check the next object.
- If the value for attribute RM_DISABLED is set to 'true', click 'DELETE Object' button to delete the xuda_domain_config object.
- Close the browser.
- Now make a new request for the jurisdiction through RRM Administrator Operations workbench -> Jurisdictions -> available option.
Related Articles
Enable SSH using the command line on RSA Authentication Manager 8.4 and up Number of Views Just-in-time synchronization failed - unable to contact directory server with RSA Cloud Authentication Service (CAS) Number of Views Unable to activate virtual host certificate; RSA Authentication Manager is unable to activate your selected certificate at… Number of Views Troubleshooting Common Error Messages Number of Views How to Include or Exclude an Active Directory OU from the Microsoft LDAP directory on RSA Authentication Manager 8.x Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
