Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide

How to Determine a Connector’s Current State?

You can determine the current state of the connectors involved in synchronization by using the Status pane in the Console, by running the idsync printstat command (as shown previously), or by looking in the central audit.log.

Search for the last message in the audit.log that reports the connector state. For example, in the following log message you can see that connector CNN101 is in the READY state.

[2006/03/19 10:20:16.889 -0600]
 INFO    13  SysMgr_100 host1
  "Connector [CNN101] is now in state "READY"."

Table 12–1 describes the different connector states.

Table 12–1 Connector State Meanings

State          Meaning
UNINSTALLED    The connector has not been installed.
INSTALLED      The connector has been installed, but it has not received its configuration.
READY          The connector has been installed and has received its configuration, but it has not started to synchronize.
SYNCING        The connector has been installed, has received its configuration, and has attempted to start synchronizing.
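
The audit.log search described above can be scripted. The following is an added example, not part of the original guide or the product: it finds the last state message per connector and attaches the next step from the sections that follow. The sample log lines are constructed, and the one-hour long_period threshold is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# A record starts with a bracketed timestamp; the message may wrap onto later lines.
RECORD = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\](.*?)"
    r"(?=\[\d{4}/\d{2}/\d{2} |\Z)", re.S)
STATE = re.compile(r'Connector \[(\w+)\] is now in state "(\w+)"')

# Next step per state, summarised from this guide's troubleshooting sections.
NEXT_STEP = {
    "UNINSTALLED": "install the connector",
    "INSTALLED": "check the connector's logs; see Troubleshooting Message Queue",
    "READY": "start synchronization, or see Troubleshooting Subcomponents",
    "SYNCING": "verify the synchronization settings",
}

def last_states(log_text):
    """Map connector id -> (state, timestamp) from its last state message."""
    latest = {}
    for rec in RECORD.finditer(log_text):
        hit = STATE.search(rec.group(2))
        if hit:  # file order wins: a later record overwrites an earlier one
            when = datetime.strptime(rec.group(1), "%Y/%m/%d %H:%M:%S.%f %z")
            latest[hit.group(1)] = (hit.group(2), when)
    return latest

def triage(log_text, now, long_period=timedelta(hours=1)):
    """Return (connector, state, stuck, next_step) rows. long_period is an
    assumed threshold; the guide only says "a long period of time"."""
    rows = []
    for conn, (state, when) in sorted(last_states(log_text).items()):
        stuck = state in ("INSTALLED", "READY") and now - when > long_period
        rows.append((conn, state, stuck, NEXT_STEP.get(state, "unrecognized state")))
    return rows

# Constructed sample, modelled on the message above (wrapped and single-line forms).
SAMPLE = """[2006/03/19 10:19:02.114 -0600]
 INFO    13  SysMgr_100 host1
  "Connector [CNN101] is now in state "INSTALLED"."
[2006/03/19 10:20:16.889 -0600]
 INFO    13  SysMgr_100 host1
  "Connector [CNN101] is now in state "READY"."
[2006/03/19 10:21:40.002 -0600] INFO    13  SysMgr_100 host1 "Connector [CNN100] is now in state "SYNCING"."
"""

if __name__ == "__main__":
    now = datetime(2006, 3, 19, 12, 0, tzinfo=timezone(timedelta(hours=-6)))
    for row in triage(SAMPLE, now):
        print(row)
```
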

What to Do if the Connector is in the UNINSTALLED State?

Install the connector.

What to Do if the Connector Install Failed but You Cannot Reinstall?

If the connector installation failed, but the Identity Synchronization for Windows installation program thinks that the connector is installed, the installation program will not allow you to reinstall the connector.

Run idsync resetconn (as described in Using resetconn) to reset the connector’s state to UNINSTALLED, and then reinstall the connector.

What to Do if the Connector is in the INSTALLED State?

If a connector remains in the INSTALLED state for a long period of time, then most likely it is not running, or it is unable to communicate with the Message Queue.

At the machine where the connector was installed, look in the connector’s logs (audit.log and error.log) for potential errors. If the connector cannot connect to the Message Queue, then that error will be reported here. If this is the case, see Troubleshooting Message Queue for possible causes.

If the most recent messages in the audit log are old, then perhaps the connector is not running. See Troubleshooting Components.

What to Do if the Connector is in the READY State?

A connector remains in the READY state until synchronization has been started and all of its subcomponents have been installed and have connected to the connector. If synchronization has not been started, then start it using the Console or command line utility.

If synchronization has been started, but a connector does not enter the SYNCING state, then there is likely a problem with a subcomponent. See Troubleshooting Subcomponents.

What to Do if the Connector is in the SYNCING State?

If all connectors are in the SYNCING state, but modifications are not being synchronized, then verify that the synchronization settings are correct:

What to Do if the Active Directory Connector Fails to Contact Active Directory Over SSL?

If the Active Directory Connector fails to contact Active Directory over SSL and the following error message displays, restart the AD domain controller.

Failed to open connection to
error(91): Cannot connect to the LDAP server,
reason: SSL_ForceHandshake failed: (-5938)
Encountered end of file.

What to Do if Detecting and Applying Changes in Active Directory Fails?

If a non-admin account is used for the Active Directory connector, the default permissions for this user are not sufficient. Some operations, such as a resync from Active Directory to Directory Server, succeed, but other operations, such as detecting and applying changes in Active Directory, could fail abruptly. For example, if you synchronize deletions from Active Directory to Directory Server, then even full control is insufficient. To resolve this, you must use a Domain Administrator account for the Active Directory connector.