Mauricio,
Suggest you enable full text logging, so you can capture the data flow in JCS ADS logs and the CCS ADS logs to see the root-cause.
Install Microsoft Sysinternals Process Explorer tool, and monitor the JCS when it starts, and confirm that it (and only it) starts the CCS service.
- The JCS must have full knowledge of the CCS cache status, and it will only have that if it is the service that restart (and stops) the CCS service.
- If the two (2) services are disjointed via different install packages, you may be experiencing this behavior based on the error message you have shown.
Here is a view of using MS Sysinternal Process Explorer tool.
- And using MS Powershell to count the number of CCS-> ADS connections during testing (bulk and performance).
- If you have issues with this behavior, then uninstall the JCS package; reboot; Install the JCS package with the embedded CCS service cleanly. Confirm that the JCS can stop & start the CCS service. Important: The JCS service is set to "automatic" start. The CCS service is set to "manual" start. Do NOT change this behavior. JCS must start this service to be aware the CCS cache status.
A view of the CCS cache. After it has been populated by the JCS service.
- You can connect via ldap to this service on TCP 20402.
Validate the etpki library update has happen, if you are at release 14.5 (or higher). If this is NOT done, then the JCS will not be able to start up the CCS service.
A) Open administrator command line window for ETPKI install and type: (these must be executed at the CLI)
Warning Note: setup.exe will NOT return any visual response.
setup.exe install caller=IMPSSERVER veryverbose
setup.exe install caller=IMPSMANAGER veryverbose
B) To confirm success - open C:\users\XXXXXX\appdata\local\temp\etpki_install.log and confirm status code 0.
- May type %TEMP% within a command line window or MS Windows Explorer window to jump to this folder.
- Also you may view MS Registry for string added with version for etpki to check the version was updated.
HKLM\SOFTWARE\WOW6432Node\ComputerAssociates\Shared\CAPKI5\Dependencies\
##### #####
As Anthony mentioned, if you have mixed release versions between different components of the solution stack, you may experience different behavior (ekpki encryption libraries & jars in the JCS have been updated between releases).
Hope this help with your RCA efforts.
Cheers,
------------------------------
Alan Baugher
ANA
------------------------------
Original Message:
Sent: Dec 06, 2024 01:43 PM
From: Mauricio Camacho
Subject: Failed to activate connector type on proxy connector server
Hi Community.
We're facing an issue when we try to provision accounts to AD endpoint. We downloaded and installed the patch to upgrade our CCS from v14.4.2 to v14.5. When we installed it in our CCS (External/Windows) machine, it finished successfully. But when we tested a provisioning task, the connection between IDM and External CS began to fail with the error showed in the image below:
:ETA_E_0016<AAC>, Account for Global User 'c799070112' on Active Directory Endpoint 'AD_Produccion' creation failed: :ETA_E_0004<AAC>, Active Dir. Account 'andragag' on 'AD_Produccion' creation failed: Connector Server Add failed: code 53 (UNWILLING_TO_PERFORM): failed to add entry eTNamespaceName=ActiveDirectory,dc=im,dc=etasa: JCS@SRCAIDSTRPD02: Failed to activate connector type on proxy connector server: JCS@SRCAIDSTRPD02: Failed to connect to proxy connector server: ldap://localhost:20402 (ldaps://10.208.24.145:20411) |
Additionaly we tested by uninstalling the previous version of our C++ Connector Server (Windows/External), the one which we applied the patch to upgrade to v14.5, and then we installed the new version of the Connector Server (clean install v14.5), but the result was the same. We're still facing the same error when we try to provision accounts to AD.
Please your help on this.
Thanks in advance.