javax.naming.PartialresultException when collecting Active Directory Security Groups in RSA Identity Governance and Lifecycle
3 years ago
Originally Published: 2016-12-14
Article Number
000043020
Applies To
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: All
 
Issue
An AD Account Collector is getting an error on the test group filter when the Group Base DN is set to the root of the LDAP tree  (e. g., DC=sub,DC=acme,DC=com).

The error message in the UI is: 
javax.naming.PartialresultException 
[Root is javax.naming.CommunicationException: DomainDnsZones.sub.acme.com:389
[Root exception is java.net.ConnectionException:Connection time Out]]
User-added image
Cause
The Active Directory 'follow referrals' configure and group lookup fails when it tries a DNS lookup on the referral in the AD server root.

 

Resolution
Turn on the Ignore Referral option in the ADC collector by editing the collector definition, going to the Connection page (page 2), and clicking on the Ignore Referral option as shown below:
 
User-added image

Related Articles

Trending Articles

Don't see what you're looking for?