In this article  :

• Issue description

• Prerequisites

• Possible causes

• Resolution

• How to reach support

• Related topics and articles

Issue description  

While attempting to configure a tenant under the Cloud Directory module in ADAudit Plus, users may encounter the following error message:

java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

This error typically occurs due to issues with the Java security certificate store (cacerts), which is used by ADAudit Plus to establish secure HTTPS connections with external services such as Microsoft Entra ID (formerly known as Azure AD).

Additionally, users may encounter other related errors, such as:

• Lifetime validation error – the token has expired.

• This request is throttled. Please try again after the value (in seconds) specified in the Retry-After header.

Prerequisites  

• You must have access to the server where ADAudit Plus is installed.

• The server must have internet access to download necessary files.

• You need the ability to stop and start the ManageEngine ADAudit Plus service.

Possible causes  

• The default Java keystore (cacerts) used by ADAudit Plus may be outdated, causing the SSL context initialization to fail.

• A large volume of data is being queried from Microsoft Entra ID, causing the access token to expire before the operation completes.

• API throttling by Microsoft Azure is occurring due to the request rate limit being exceeded across applications that use the same application ID.

Resolution  

Error 1: java.security.NoSuchAlgorithmException  

To resolve this issue, you must replace the outdated cacerts file with an updated version.

1. Download the updated cacerts file.

2. Stop the ManageEngine ADAudit Plus service:

• Open the Run dialog (Windows Key + R), type services.msc, and press Enter.

• Locate and stop the ManageEngine ADAudit Plus service.

3. Navigate to the following directory: <Installation_Directory>\jre\lib\security

4. Rename the existing cacerts file to old_cacerts and move it outside the installation folder for backup purposes.

5. Paste the newly downloaded cacerts file into this directory.

6. Restart the ManageEngine ADAudit Plus service from the Services console.

Error 2: Lifetime validation error – the token has expired  

This error typically occurs when a large volume of Microsoft Entra ID data is being collected and the access token expires before completion. No user action is required, as the system will automatically retry the operation in the next fetch cycle.

Error 3: Request is throttled by Azure  

This message indicates that Azure has restricted the request rate due to Microsoft Graph API service limits. This is not an error generated by ADAudit Plus. According to Microsoft, the identity and access audit logs API allows 100 requests per 10 seconds. Throttling can occur if multiple tools or scripts are using the same application ID and collectively exceed this limit.

Recommended action:

• Review other applications or services that might be using the same Azure app registration.

• If needed, create a dedicated application ID for ADAudit Plus to avoid shared usage conflicts.

How to reach support  

If the issue persists or you require further assistance, please contact the ManageEngine ADAudit Plus support team at support@adauditplus.com.

Related topics and articles  

• Cloud directory troubleshooting