Provisioning Server Service Does Not Start - Error Code 21

Document ID : KB000006423
Last Modified Date : 05/10/2018
Show Technical Document Details
Issue:

After either rebooting the Provisioning Server machine or restarting all DSAs and the Provisioning Server, the Provisioning Server service does not start.

From Service window we have the error message:

"error code 21"

Environment:
Identity Manager 12.x
Cause:

The im_ps.log file display the following messages:

[14:21:06.078:00000B38] reading config file D:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\fips.conf

TLS: can't connect.

[14:21:09.218:00000B38] backend_startup: bi_db_open 0 failed!

[14:21:09.265:00000B38] slapd stopped.

[14:21:09.265:00000B38] connections_destroy: nothing to destroy.

 

Check the <hostname>-impd-main.dxc file under DX_HOME\config\ssld\personalities

The "Not After" line shows that is expired.

i.e Not After : Feb 22 19:28:51 2017 GMT

 

Resolution:

Because the certificate expired, re-create all DSAs certificates.

Follow these steps:

1. Backup your DX_HOME\config\ssld folder.

2. Stop all Connector Servers C++ and Java.

3. Stop all DSAs running "dxserver stop all".

4. From DX_HOME\config\bin, run the following command:

       dxcertgen -d <Number_of_Days> certs

       i.e dxcertgen -d 3650 certs       it will generate new certificates valid for 10 years

5. Start all DSAs running "dxserver start all".

6. Start both Connector Servers C++ and Java.

7. Start Provisioning Server service.