IDM services are failing to start due to the pki-tomcatd error "netscape.ldap.LDAPException: Authentication failed (49)"

Solution Verified - Updated -


When attempting to start the IDM services, the pki-tomcatd service fails to start.

[root@ipaserver ~]# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting httpd Service
Starting ipa-custodia Service
Starting ntpd Service
Starting pki-tomcatd Service
Failed to start pki-tomcatd Service
Shutting down
Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed
Aborting ipactl

[root@ipaserver ~]# ipactl status
Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services
ipa: INFO: The ipactl command was successful

The /var/log/pki/pki-tomcatd/ca/debug log shows the following error:

Internal Database Error encountered: Could not connect to LDAP server host port 636 Error netscape.ldap.LDAPException: Authentication failed (49)


  • Red Hat Enterprise Linux
  • Red Hat Identity Management
