I have the following problem with the IDM3 Active Directory driver.

Driver is set up to synchronize users, groups and tree structure only Edir
to AD direction (subscriber channel).
Everything works fine except password synchronization. Some times the
password synchronizes, some times I get the following error in the driver
log: “Could not set password via platform call Err=5 (access denied)” The
error happens at random times and in the same way it disappears. For
instance in the evening I set the password for test user via iManager and
in the driver log I see the mentioned error. I do nothing, come the next
morning try to set password again and now I see in the log that password
change in AD was successful.
Sometimes the error disappears after I restart the remote loader service,
some times not.
The same happens when I create new user: if in that moment password sync is
working then it is ok, if it is not working, I get an error in AD trace
log, the driver creates user in AD but it has checkbox “User must change
password at next logon” checked.

I am messing with this problem around 2 weeks, searched newsgroups, all
Novell TIDs but nothing helped so far.

Here is my Setup:
IDM running on Netware 6.5 sp4 server with 4 more NW6.5 servers in the tree.
2 domain controllers with win2003 active directory. Remote loader running
on one of them.
Authentication method - negotiate,
Digitally sign communications – YES,
Digitally sign and seal communications – YES,
SSL encryption –NO.
SSL between remote loader and Netware – working correctly and turned on.
Universal password enabled.

Any ideas?