ForgeRock Identity Platform
Does not apply to Identity Cloud

javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] error when reinstalling an AM 6.x instance

Last updated Jan 12, 2023

The purpose of this article is to provide assistance if you encounter a "javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]" error when reinstalling an AM instance in a multi-server environment.


The following error is shown when you reinstall an AM instance in a site configuration:

The following errors were encountered reading the configuration of the existing servers: Error on An error occurred connecting to the server. Details: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] The replication tool will to try to update the configuration of all the servers in a best-effort mode. However it cannot guarantee that the servers that are generating errors will be updated.

However, the install proceeds and replication continues to work.

Recent Changes

Deleted an AM instance without stopping replication and then attempted to reinstall the instance in the site configuration.


The replication configuration is not removed when you delete an AM instance from a site, which means the remaining instances still have an entry for the removed instance.

You can observe this in the admin-backend.ldif file (located in /db/adminRoot in DS 6.5 and later or /db/admin in DS 6). For example, if you started with two instances (ds1 and ds2) and deleted ds2, you will still see the entry associated with the removed instance:

objectClass: groupOfUniqueNames uniqueMember: uniqueMember:

When you attempt to reinstall the second instance in the site configuration, a conflict occurs as the remaining instances' configuration has not been updated.


This issue can be resolved using one of the following approaches to update the remaining instances' configuration after deleting the AM instance:

  • Restart the AM instances that remain in the site after you have removed the instance but prior to reinstalling the instance. Restarting the other AM instances updates their configuration and therefore removes the entry of the removed instance.
  • Stop replication on the DS server associated with the instance you want to remove prior to removing it. You should use dsreplication to do this, for example:$ ./dsreplication unconfigure --unconfigureAll --hostname --port 4444 --adminUID admin --adminPassword password --trustAll --no-promptThis command removes the server's replication configuration from all other servers in the replication topology, meaning the remaining servers will not try to replicate to this server.

See How do I delete an AM 6.x instance from a site along with the replicated embedded DS server? for further details.

See Also

Installing and configuring AM

Related Training


Related Issue Tracker IDs

OPENAM-8646 (Clean up embedded OpenDJ replication config when a server is removed)

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.