Ask a Question

Advanced Search

Solution ID : SO13960

Last Modified : 06/21/2018

Error: CRITICAL (472/2496) vsaaldap.cpp(3823):Received error (id=97): Referral hop limit exceeded, while attempting a subtree search of server with: base and filter

Problem

When enrolling for a Symantec Managed PKI Service (MPKI) end-entity certificate, you may receive the following error message:

A001

CRITICAL (472/2496) vsaaldap.cpp(3823):Received error (id=97): Referral hop limit exceeded, while attempting a subtree search of server <IP_ADDRESS> with: base <DN_INFO> and filter <FILTER_INFO>

Cause

This error occurs when connection to the active directory is timing out.

Solution

To resolve this issue, narrow down the verification base dn as much as possible.  In the vskmsrv.cfg (MPKI 6.1.3 and below) or vsrasrv.cfg (MPKI 7.0 and above, modify to VER_LDAP_BASE_DN and restart the service.  Once completed, try another test enrollment.