Hello Ram,
the AuthenticationException makes me believe that the bind password is missing or not correct. Which matches your statement "I do not have bindDN password now", but it seems that the AD DC does not accept anonymous binds. Please can you double check that?
What exactly do you want to achieve? Should the new DC be added as a backup LDAP server? Or do you want to add the new DC as an additional user registry? If it should be configured as a backup LDAP, it must be set up the same as the primary LDAP (it represents the same user population) and the bind user / pwd must be the same as well.
ad 2) The current bind password should be available either in security.xml or wimconfig.xml (in base64 encoded format --> you have to decode it before using it).
ad 3) Well, you still have the primary AD working - right? So I assume that this one will be used. But you can see in the logs to which user registry the server is connected.
Hope this helps - Hermann
------------------------------
Hermann Huebler
2innovate IT Consulting GmbH
Vienna
Austria
#IBMChampion
------------------------------
Original Message:
Sent: Mon January 10, 2022 12:55 AM
From: Ramu T
Subject: Websphere - global security AD failover - adding new domain controller under failover - giving Authentication error
Hi All,
We have an AD domain controller configured in WebSphere standalone 8.5.5.11 under federated. Now we got a new domain controller which I have to add under failover. After adding, when I am clicking OK I am getting the below error. This is throwing error for primary domain controller. I do not have bindDN password now.
1) Now, how to add/change a new domain controller primary/failover?
2) Any possibility to get the password from any of the WebSphere files?
3) If AD configured user authentication is failing, how are app logins authenticating now? Should be an issue for all applications, right? They are working.
------------------------------
Ram
------------------------------