Symantec IGA

Hello. We've got this problem about creating an endpoint to Active Directory from CA Identity Manager.

So the problem is we cannot connect to the connector from the Active Directory. In our scenario, we are using the Non-Production type of the Identity Suite v14.2 and we set up two VMs for the connector server (Windows Server 2012) and the Active Directory itself (Windows Server 2016). The reason for putting connector server and Active Directory separately is because of this document that shows the requirement for installing the Connector Server Connectors and Endpoint Types - CA Identity Manager - 14.0 - CA Technologies Documentation said that it requires the Windows Server 2012 as the OS. We also have another VM (Windows Server 2012) and has the external database inside using SQL Server 2017 for the Virtual Appliance configuration. 

For the set up for both connector server and Active Directory, following this tutorial How to Connect to Active Directory - CA Identity Management & Governance Connectors - CA Technologies Documentation , we have done these steps:

1. In the Active Directory, we have created  user directory.

2. In the Connector Server, we have installed the Connector Servers (C++ Connector Server and Java Connector Server) inside.

3. Both of the Active Directory and Connector Server have joined their domain

We have set up the Connector Server on the localhost. However, we kept on getting this automatically connected exter nal connector server when we try to connect to the server like the figure shown below.

The problem occurred when we installed the Connector Server (C++ and Java) inside our localhost (Windows 10).

Our question is do we need to install the connector server in the localhost?

If not, where do we need to install the connector server?

Also do we need to set up the CA IAM Connector Server (the one that is provided in the virtual appliance), and what do we need to input for this scenario?

Thank you very much.

From the screenshot it looks like you have a CSConfig object defined to a C++ Connector Server (port 20403) but by default the C++ Connector Server does not bind to an External NIC so that would not work.

I see there is another route defined to the Java Connector Server (port 2011) on that same host which is correct (assuming that is the Windows machine) but as we can see from the External Tools page the virtual appliance Provisioning Server cannot reach that Java Connector Server. Perhaps there is a firewall blocking the communication between the virtual appliance and that host so you should check on that.

If you continue to have problems then it might be best for you to open a support case so that you can work on this further with support on a webex session.

Hi Kenny,

Thank you for your reply. We have tried what you told us to do. However, we are still getting a new external connector server automatically created by the system. Is there any way to remove this? Also, what is the cause of this problem? Thank you.

Best Regards,

Franky Sanjaya

Here is a screenshot of the connector server appearing on the external connector server tab

It is not clear to me if the 192.168.0.106 is the Connector Server installed as a vapp node in which case it is ok for it to be there or if this IP is to a non-vapp node. If it is to a non-vapp node and you no longer want it listed then you can click on the trash can icon to the right of it. You can also use ConnectorXpress to manage the CSConfig objects.

As I mentioned in my initial reply, if you continue to have problems then it might be best for you to open a support case so that you can work on this further with support on a webex session.