Error message "unable to contact directory server. LDAP_Replace failed!" in RSA Certificate Manager
Originally Published: 2008-03-08
Article Number
Applies To
RSA Version/Condition: 6.7, 6.8, 6.9
Platform: Microsoft Internet Explorer 6.0 SP2
Issue
Program Error LDAP_Query: [XrcXUDAUNABLE] unable to contact directory server. LDAP_Replace failed! objectclass (rainfo), dn (ramd5=<md5_of_RRM_admin.cert>) [<Back]
After receiving the above error on the browser, the RRM request does not show on RCM under request-active or request-approved options of RCM administrative interface -> Administrator Operations workbench -> RM Jurisdictions.
After receiving the above error on RCM, the jurisdiction to which a request was made from RRM is still listed under disabled jurisdictions (RRM administrative interface -> Administrator Operations workbench -> Jurisdictions -> disabled option) and it can not be removed from the list (as there's no checkbox against it).
Cause
[Note that the value 333888813334444666667777 shown in the rule below is an assumed md5 value for admin.cert and would be different for each RCM installation.]
# #access to RAINFO # access to filter="objectclass=RAinfo" by dn="md5=333888813334444666667777" write by dn=".*" read RSA Certificate Manager 6.9 Administrator's Guide, pages 372-373, incorrectly instructs to add Registration Manager's admin.cert MD5 to RAinfo rule. Instead, RSA Certificate Manager's admin.cert MD5 should be added to RAinfo rule.
Resolution
Additionally, RSA Registration Manager must be updated as listed below to allow another request for the jurisdiction that is in the disabled list on RRM but does not show up on RCM due to the problem described above:
- On RRM, go to listuclass utility: https://<RRM-host>:444/ra/admin/listuclass.xuda
- Click List against xuda_domain_config
- Click Edit against the first object listed on the page
- If the value for attribute RM_DISABLED is not set to 'true', click Back on the browser to go to the previous pages listing all xuda_domain_config objects and check the next object.
- If the value for attribute RM_DISABLED is set to 'true', click 'DELETE Object' button to delete the xuda_domain_config object.
- Close the browser.
- Now make a new request for the jurisdiction through RRM Administrator Operations workbench -> Jurisdictions -> available option.
Related Articles
Enable SSH using the command line on RSA Authentication Manager 8.4 and up Number of Views Troubleshooting Common Error Messages Number of Views Startup fails with 'Job for aveksa_server.service failed because the control process exited with error code' when starting… Number of Views Identity Sources for Cloud Access Service Number of Views How to create an external LDAP identity source in RSA Authentication Manager 8.1 SP1 or later Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
