Error message "unable to contact directory server. LDAP_Replace failed!" in RSA Certificate Manager
Originally Published: 2008-03-08
Article Number
Applies To
RSA Version/Condition: 6.7, 6.8, 6.9
Platform: Microsoft Internet Explorer 6.0 SP2
Issue
Program Error LDAP_Query: [XrcXUDAUNABLE] unable to contact directory server. LDAP_Replace failed! objectclass (rainfo), dn (ramd5=<md5_of_RRM_admin.cert>) [<Back]
After receiving the above error on the browser, the RRM request does not show on RCM under request-active or request-approved options of RCM administrative interface -> Administrator Operations workbench -> RM Jurisdictions.
After receiving the above error on RCM, the jurisdiction to which a request was made from RRM is still listed under disabled jurisdictions (RRM administrative interface -> Administrator Operations workbench -> Jurisdictions -> disabled option) and it can not be removed from the list (as there's no checkbox against it).
Cause
[Note that the value 333888813334444666667777 shown in the rule below is an assumed md5 value for admin.cert and would be different for each RCM installation.]
# #access to RAINFO # access to filter="objectclass=RAinfo" by dn="md5=333888813334444666667777" write by dn=".*" read RSA Certificate Manager 6.9 Administrator's Guide, pages 372-373, incorrectly instructs to add Registration Manager's admin.cert MD5 to RAinfo rule. Instead, RSA Certificate Manager's admin.cert MD5 should be added to RAinfo rule.
Resolution
Additionally, RSA Registration Manager must be updated as listed below to allow another request for the jurisdiction that is in the disabled list on RRM but does not show up on RCM due to the problem described above:
- On RRM, go to listuclass utility: https://<RRM-host>:444/ra/admin/listuclass.xuda
- Click List against xuda_domain_config
- Click Edit against the first object listed on the page
- If the value for attribute RM_DISABLED is not set to 'true', click Back on the browser to go to the previous pages listing all xuda_domain_config objects and check the next object.
- If the value for attribute RM_DISABLED is set to 'true', click 'DELETE Object' button to delete the xuda_domain_config object.
- Close the browser.
- Now make a new request for the jurisdiction through RRM Administrator Operations workbench -> Jurisdictions -> available option.
Related Articles
REST harness generates an error message unable to read a known contact list for RSA Authentication Manager Prime Number of Views Unsuccessful connection to RSA SecurID Access: Authentication token was either missing or invalid Number of Views Troubleshooting end user authentication failures with the RSA SecurID Access Cloud Authentication Service Number of Views RSA ID Plus Cloud Administration Console Forgot Password link is not working Number of Views Unable to load bean named CTKIPServerService when importing a token via CTKIP to RSA SecurID Software Token Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
