If the Active Directory connector fails to contact Active Directory over SSL and the following error message displays, restart the Active Directory domain controller.
Failed to open connection to ldaps://server.example.com:636, error(91): Cannot connect to the LDAP server, reason: SSL_ForceHandshake failed: (-5938) Encountered end of file.
If detecting and applying change in Active Directory fails, it may be the result of insufficient permissions. If a non-administrator account is used for the Active Directory connector, then the default permissions for this user are not sufficient. Some operations, such as a resynchronization process from Active Directory to Directory Server, succeed while other operations, such as detecting and applying changes in Active Directory, fail abruptly. For example, if you synchronize the deletions from Active Directory to Directory Server, then even full permissions are insufficient. To resolve this problem, you must use a Domain Administrator account for the Active Directory connector.