When running the setup for IMU the "Verify Configuration" option fails with the message:
"Cannot verify the configuration because a domain controller can't be found for the domain."
"Check the domain name, then click Verify Configuration" again."
A Global Catalog cannot be contacted. In some environment IMU may be trying to contact the wrong Domain Controller (DC) or a DC behind a firewall.
1 - Stop the Quest Identity Manager Service
2 - Edit the jvmargs.cfg file found in the installation folder for Quest Identity Manager and specify the reachable domain controllers that have a global catalog as well.
The setting is in th last stanza of the file:
###############################################################################
# Uncomment the following and restart the service to use a configuration file
# to specify which domain controllers may be contacted. This is useful in
# situations where discovery via DNS may point to domain controllers that are
# firewalled, for example.
#
# The format of the configuration file is specified in the documentation, but
# should look something like the following, for example:
#
# <forest>
# <domainControllers>
# <domainController address="ad1.my.domain"/>
# <domainController address="ad2.my.domain"/>
# </domainControllers>
# </forest>
#
# The value of the setting must be the absolute location of the configuration
# file, and must end in ".xml" for this release.
###############################################################################
#-Dimu.activeDirectoryConfig=/location/of/activeDirectoryConfig.xml
An example would be:
-Dimu.activeDirectoryConfig=C:\Program Files\Quest Software\Identity Manager for Unix\activeDirectoryConfig.xml
2 - Then create the activeDirectoryConfig.xml file and ensure no hidden text extension is saved in the name.
The C:\Program Files\Quest Software\Identity Manager for Unix\activeDirectoryConfig.xml file could contain:
<!-- Active Directory configuration for MyDomain -->
<forest>
<domainControllers>
<domainController address="ad1.my.domain"/>
<domainController address="ad2.my.domain"/>
</domainControllers>
</forest>
Note that the xml comment format is
<!-- this is a comment -->
not
# this is an unsupported comment format that will cause IMU to fail to start
3 - Start the Quest Identity Manger Service and then test the connection
If this did not resolve the issue, please turn on IMU debugging. For instruction click here.
There is a new version Quest Identify Manager for Unix (IMU) 1.0 which has been renamed. It is now called Quest One Management Console for Unix (MCU) 2.0. We recommend you install the new Quest One Management Console for Unix.
You can download it by going to www.quest.com/support and logging in.
Then on your left hand side in the grey section type in Quest Aut and select Quest Authentication Services and click the search icon.
You should see the Quest One Management Console for Unix 2.0 Complete Package (zip) Download
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center