OIM java.net.NoRouteToHostException: No route to host

org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.NoRouteToHostException: No route to host
January 21, 2015
OIM-11gR2

Don't confuse this with java.net.SocketException: Network is unreachable, which simply means that the server is not reachable. You can test for that with a simple ping against the IP address and/or the hostname.


Other Error Messages:

org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.SocketException: Network is unreachable

https://technicalconfessions.com/images/postimages/postimages/_356_3_OIM no route to host.png

Note: If the IP address works but the hostname doesn't, it's likely a DNS issue. If you have 2 servers (or, as I have it, 2 VMs) within the same subnet, you can check this by logging in as root and editing the nameserver entry in the /etc/resolv.conf file with the IP address. Once you've done that, try pinging the hostname again.

https://technicalconfessions.com/images/postimages/postimages/_356_4_incorrect IP address within Active Directory Connector Server for OIM AD.png

https://technicalconfessions.com/images/postimages/postimages/_356_5_host configuration for OIM and AD connections.png

Now, going back to the No route to host

org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.NoRouteToHostException: No route to host

https://technicalconfessions.com/images/postimages/postimages/_356_6_Changed host for Active Directory Connector Server.png

Knowing you can connect to the AD server, ensure the connector server service is running on the AD domain (or, if you have a separate server running the connector server, test that instead).

Once that's been tested, log into the sysadmin console (Identity System Administration) and click on 'system configuration' on the right hand side. Within there you will see both the connector server AND the AD server. The simple visual error does not indicate which host is not reachable. Ensure the 'host' parameter within the IT resource contains either the IP address or the hostname. My issue wasn't that the Active Directory IT Resource was unreachable; in fact, the connector server was not reachable.

In my case I had to change the nameserver within the /etc/resolv.conf configuration file. Furthermore, I changed the host from the IP address to the full hostname+domain (in my case it's hostname1.technicalconfessions.local).

https://technicalconfessions.com/images/postimages/postimages/_356_9_Ensure the resolv.conf file matches to the AD VM.png
https://technicalconfessions.com/images/postimages/postimages/_356_13_Remote server plugin.png
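
The checks described above, as an added example that is not part of the original post: a Python probe that tests the connector server and the AD host separately and reports which stage failed (DNS, route, or port), since the OIM error does not say which host is unreachable. Ports 8759 and 389 and the name ad.example.local are assumptions, not values from the post.

```python
import errno
import socket

# OS error number -> (status, what the OIM connector log shows or what it means)
ERRNO_MAP = {
    errno.EHOSTUNREACH: ("no_route", "java.net.NoRouteToHostException: No route to host"),
    errno.ENETUNREACH: ("net_unreachable", "java.net.SocketException: Network is unreachable"),
    errno.ECONNREFUSED: ("refused", "host is up but nothing listens on the port (service stopped?)"),
}

def classify(err):
    """Translate an OS error number into a (status, explanation) pair."""
    return ERRNO_MAP.get(err, ("other", errno.errorcode.get(err, str(err))))

def probe(host, port, timeout=3.0):
    """Resolve host, then try one TCP connect; report the stage that failed."""
    try:
        family, _, _, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return ("dns_failure", f"{host} does not resolve ({exc}); check /etc/resolv.conf")
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except socket.timeout:
            return ("timeout", f"no answer from {addr[0]} within {timeout}s")
        except OSError as exc:
            return classify(exc.errno)
    return ("ok", f"TCP connect to {addr[0]}:{port} succeeded")

# Constructed sample: both hosts the AD IT resource setup depends on.
# Ports are assumptions (8759 connector server, 389 LDAP); ad.example.local is a placeholder.
ENDPOINTS = [
    ("Connector Server", "hostname1.technicalconfessions.local", 8759),
    ("Active Directory", "ad.example.local", 389),
]

if __name__ == "__main__":
    for label, host, port in ENDPOINTS:
        status, detail = probe(host, port)
        print(f"{label:17} {host}:{port} -> {status}: {detail}")
```

Run it from the OIM server itself, so the result reflects the same resolver and routing that the connector uses.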

About the author

Daniel is a Technical Manager with over 10 years of consulting expertise in the Identity and Access Management space.
Daniel has built from scratch this blog as well as technicalconfessions.com