You are here: Administrator's Guide > Securing FME Server > Connecting to Active Directory > Troubleshooting Active Directory Configurations > Failure to Connect to Active Directory Server (SSL)

Failure to Connect to Active Directory Server (SSL)

Symptom

When connecting to Active Directory with SECURITY_AD_USE_SSL=true, the following message appears in the log file:

(Active Directory) Exception: "LDAPException(resultCode=91 (connect error),

errorMessage='An error occurred while attempting to connect to server "...":

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:

PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ...

(Active Directory) Failed to connect to an available server, or no servers were available.

Cause

SSL certificate verification was enabled, but failed because the Certificate Authority (CA) was not trusted.

Resolution 1

If available, import the Certificate Authority (CA) certificate.

Resolution 2

Temporarily disable SSL certificate verification using the SECURITY_AD_VERIFY_SSL_CERTIFICATES parameter in fmeCommonConfig.txt. This is not recommended in production environments.