Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Database Performance Analyzer (DPA) > Cannot authenticate to remote DPA instances from a Central DPA using AD/LDAP

Cannot authenticate to remote DPA instances from a Central DPA using AD/LDAP

Table of contents
Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 38 Votes: 0 Revisions: 11

Overview

You cannot authenticate to a remote DPA instance from the DPA Central Server. This can happen in the following cases:

  • The DPA Central Server cannot connect to your AD/LDAP domain server.
  • The credentials supplied are invalid.
 

This is a side effect of one of our anti-lockout features for AD/LDAP. Many AD/LDAP servers are configured to lock out user accounts for failed passwords. To avoid locking accounts, we don't try to log on to any remote instances using AD/LDAP if you don't log on to the Central DPA with a valid AD/LDAP credential first.

Resolution

  • Log on to the Central DPA using valid AD/LDAP credentials.
    -or- 
  • Log on to each remote DPA instance separately without using the Central DPA.
    -or- 
  • If your AD/LDAP server does not lock out user accounts for failed password failures, you can configure your Central DPA instance to always attempt authentication with remote DPA servers:
    1. Edit the file <dpa>\iwc\tomcat\ignite_config\idc\system.properties
    2. Add the following line:
      com.confio.iwc.client.factory.ldap.login.on.fail=true
    3. Save the file and then restart the Central DPA. 

 

Last modified
19:07, 22 Jun 2016

Tags

Classifications

Public