When a user unsuccessfully attempts to authenticate, the following error may be reported in the event logs:
Error Description: Error connecting to domain '<FQDN of managed child domain>': One or more errors occurred.
OR
The following error may be reported in the verbose logs:
<d3p1:Description>Exception of type 'QPM.Common.Exceptions.DomainResolvingException' was thrown.</d3p1:Description>
This issue occurs when the default DC is listed as Priority 1. Password Manager requests that an IP address or a server name be resolved, and the DC is unable to do so. The cause is external to Password Manager.
Password Manager runs the ‘Environment Checker’ scheduled task to check whether all DCs are working. If it finds a ‘faulty’ DC, it moves that DC to the bottom of the priority list and the other DCs in the list are then re-prioritised. However, Password Manager does not move the “Default DC” down the list, because Active Directory failover should re-assign a different DC as default if it detects a faulty or unavailable DC. As far as Password Manager is concerned, there should therefore always be a good DC available as the default.
So, if Password Manager attempts to resolve against a “Default DC” and that DC is unable to resolve the domain name as requested, then unless Active Directory sees that DC as faulty and fails over to an alternate DC, Password Manager is caught out and the “DomainResolvingException” or the "Error connecting to the domain" error is displayed.
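To confirm which DC is failing to resolve the managed domain, each DC can be queried directly. The script below is an added example, not part of the original article or of Password Manager. It assumes the RSAT ActiveDirectory module is installed, that the DCs also host DNS, that the DC returned by the Windows DC locator corresponds to the “Default DC”, and that `child.example.com` is a placeholder for the managed child domain.

```powershell
# Added diagnostic example; not One Identity code.
# Assumptions: ActiveDirectory module available, DCs host DNS,
# 'child.example.com' is a placeholder for the managed child domain FQDN.
param(
    [string]$Domain = 'child.example.com'
)

Import-Module ActiveDirectory -ErrorAction Stop

# SRV record used to locate domain controllers for this domain
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# DC that the Windows DC locator hands out right now
# (assumed here to be what Password Manager treats as the "Default DC")
$located = Get-ADDomainController -Discover -DomainName $Domain
$locatedName = "$($located.HostName)"
Write-Host "DC locator currently returns: $locatedName"

$results = foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
    $status = 'OK'
    $detail = ''
    try {
        # Ask this specific DC to resolve the domain's locator record
        $answer = Resolve-DnsName -Name $srvName -Type SRV `
            -Server $dc.IPv4Address -DnsOnly -ErrorAction Stop
        $targets = $answer | Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget -Unique
        $detail = $targets -join ', '
        if (-not $targets) { $status = 'NoSrvRecords' }
    }
    catch {
        $status = 'ResolveFailed'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        IsLocatedDC      = ($dc.HostName -eq $locatedName)
        Status           = $status
        Detail           = $detail
    }
}

# A row with IsLocatedDC = True and Status other than OK matches the
# condition described above: the default DC cannot resolve the domain.
$results | Sort-Object Status, DomainController | Format-Table -AutoSize -Wrap
```

Run it from the Password Manager server so that the results reflect the name resolution path that server actually uses.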
Workaround:
When DCs are listed by name in the priority list, a DC with a detectable problem will be re-prioritized, ensuring continuing service.
Re-arrange the DC priority list as follows: