NetWorker: AD/LDAP Integration Failing with Common LDAP Error Codes "LDAP: error code 49"
Summary: This KB outlines some common Lightweight Directory Access Protocol (LDAP) error codes. These errors may appear when integrating external authority with NetWorker authentication and indicate an error occurring at the LDAP level. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
There are several common LDAP error codes which indicate an issue with the fields being specified when attempting to configure AD LDAP external authentication. Example:
Error executing command. Failure: 400 Bad Request. Server message: Failed to verify configuration configuration-name: An authentication error occurred while accessing the naming or directory service: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
The AD-specific data code is highlighted above. Other data codes may appear:
|
Data Code
|
Meaning |
| 525 | User not found |
| 52e | Invalid credentials |
| 530 | Not permitted to log in at this time. |
| 531 | Not permitted to log in to this workstation. |
| 533 | Account disabled |
| 534 | The user has not been granted the requested login type at this machine. |
| 701 | The account has expired. |
| 773 | User must reset their password. |
| 775 | User account locked. |
Common Active Directory LDAP bind errors:
80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 HEX: 0x525 - user not found DEC: 1317 - ERROR_NO_SUCH_USER (The specified account does not exist.) NOTE: Returns when username is invalid. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893 HEX: 0x52e - invalid credentials DEC: 1326 - ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.) NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893 HEX: 0x530 - not permitted to logon at this time DEC: 1328 - ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.) NOTE: Returns only when presented with valid username and password/credential. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893 HEX: 0x531 - not permitted to logon from this workstation DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.) LDAP[userWorkstations: <multivalued list of workstation names>] NOTE: Returns only when presented with valid username and password/credential. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893 HEX: 0x532 - password expired DEC: 1330 - ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.) LDAP[userAccountControl: <bitmask=0x00800000>] - PASSWORDEXPIRED NOTE: Returns only when presented with valid username and password/credential. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893 HEX: 0x533 - account disabled DEC: 1331 - ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.) LDAP[userAccountControl: <bitmask=0x00000002>] - ACCOUNTDISABLE NOTE: Returns only when presented with valid username and password/credential. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893 HEX: 0x701 - account expired DEC: 1793 - ERROR_ACCOUNT_EXPIRED (The user's account has expired.) LDAP[accountExpires: <value of -1, 0, or extemely large value indicates account will not expire>] - ACCOUNTEXPIRED NOTE: Returns only when presented with valid username and password/credential. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893 HEX: 0x773 - user must reset password DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user's password must be changed before logging on the first time.) LDAP[pwdLastSet: <value of 0 indicates admin-required password change>] - MUST_CHANGE_PASSWD NOTE: Returns only when presented with valid username and password/credential. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893 HEX: 0x775 - account locked out DEC: 1909 - ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.) LDAP[userAccountControl: <bitmask=0x00000010>] - LOCKOUT NOTE: Returns even if invalid password is presented
Cause
These are non-NetWorker LDAP-related error codes.
The most common error observed when integrating external authentication with NetWorker is LDAP error 49 data 52e - invalid credentials.
Resolution
To confirm the configuration user's Distinguished Name (DN), you can run the following:
Windows Server:
On the domain controller, open an Administrator PowerShell prompt. Use the
Syntax:
Example:
Get-ADuser command to collect the Distinguished name of the bind account you want to use:
Syntax:
Get-ADUser -Filter * -SearchBase "DC=DOMAIN,DC=DOMAIN" | findstr username
Example:
PS C:\Users\Administrator> Get-ADUser -Filter * -SearchBase "DC=amer,DC=lan" | findstr Administrator DistinguishedName : CN=Administrator,CN=Users,DC=amer,DC=lan Name : Administrator SamAccountName : Administrator
Linux Server:
On a Linux server with
Syntax:
Example:
ldapsearch (non-NetWorker tool) installed, run:
Syntax:
ldapsearch -x -h LDAP_SERVER -D "DOMAIN\AD_BIND_USER" -W cn=AD_BIND_USER -b DC=DOMAIN,DC=DOMAIN | grep dn
Example:
[root@linux ~]# ldapsearch -x -h dc.amer.lan -D "amer\Administrator" -W cn=Administrator -b DC=amer,DC=lan | grep dn Enter LDAP Password: dn: CN=Administrator,CN=Users,DC=amer,DC=lan
NOTE:
ldapsearch is a third-party utility. It is typically included with the openldap-clients package, and can be installed by the system administrator. ldapsearch can be used when using AD or a Linux LDAP server.
Use the DN as shown from your corresponding command output as the configuration user when adding your external authority.
Ensure that the correct password is used for the user account specified.
Additional Information
Affected Products
NetWorkerProducts
NetWorkerArticle Properties
Article Number: 000165267
Article Type: Solution
Last Modified: 04 Jun 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.