Friday Jul 01, 2011

EPM 11.1.2 - In Foundation Services, binder exception causing login and lockout issues with MSAD provider

Possible symptoms and errors:

  1. EPMCSS-00301: FAILED TO AUTHENICATE USER INVALID CREDENTIALS error thrown upon login into workspace even with correct credentials
  2. MSAD account gets locked after successive login failure attempts
  3. Unable to login with native "admin" and MSAD admin user

SharedServices_Security.log file shows the following,

[FoundationServices0] [ERROR] [EPMCSS-07047] [oracle.EPMCSS.CSS] [tid: 18] [userId: <anonymous>] [ecid: 0000J2MAfXF6QPP6yf7i6G1DyLC900000p,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [APP: WORKSPACE#] [SRC_METHOD: init] Failed to get connection [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db0] from connection pool for user directory <directory_name>. Error executing query. {2}. Verify user directory configuration.


AcceptSecurityContext error, data 775, v1db0” means the bind userid or the bind password for MSAD is not set correctly. This could be the reason that the account is getting locked out. The MSAD provider code is trying to initialize the msad provider with the provided user/password. After three attempts of a bad login, MSAD locks out the account.

If “admin” user is not able to login, that could be because there could be duplicate “admin” user both in MSAD and Native Directory. First it goes to MSAD and authentication fails as it is not able to get the JDNI connection and then it goes to Native Directory. It fails with Native Directory because of password mismatch.


  1. validate the MSAD bind userid and password in the MSAD configuration screen in HSS.
  2. change the password for MSAD provider and restart foundation services
  3. By: Ruben V