The RSA Identity Governance & Lifecycle AD Collector and AD ADC authentication source fail to establish a TLS 1.2 SSL connection with the AD LDAP server
Originally Published: 2018-06-19
Article Number
Applies To
RSA Version/Condition: 7.0.0, 7.0.1, 7.0.2
Issue
06/18/2018 00:15:00.416 ERROR (ApplyChangesRegularThread-103) [com.aveksa.collector.accountdata.LdapAccountDataReaderConfig] Error in getting connection to UserDirectory , Root Cause :
javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader com.aveksa.client.datacollector.framework.CollectorClassLoader@1395c8ec
[Root exception is javax.naming.CommunicationException: simple bind failed: 192.168.1.1:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]
...
Caused by: javax.naming.CommunicationException: simple bind failed: 192.168.1.1:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: .
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
..
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
A tcpdump packet trace of the SSL negotiation shows the SSL failure as Internal Error (80):
Secure Sockets Layer
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Length: 2
Alert Message
Level: Fatal (2)
Description: Internal Error (80)Cause
Resolution
Related Articles
The Active Directory Account Collector does not collect the AD Domain Users Group in RSA Identity Governance & Lifecycle Number of Views 'Host name configured is not listed in subject alternative names of certificate' and 'LDAP_CERT_HOSTNAME_MISMATCH_MSG_SHOR… Number of Views RSA Identity Governance & Lifecycle Access Fulfillment Express (AFX) reports this item failed: password does not meet comp… Number of Views How to Synchronize Nested AD Group Users from an RSA SecurID Access Identity Source Number of Views How to verify that RSA Authentication Agent for Windows can perform challenge user lookups across different Active Directo… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
