Scenario One The minimal steps to reproduce are to add the following entries to the default host.xml and then start domain mode. <security-realm name="ldap_security_realm"> <authentication> <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true"> <username-filter attribute="samaccountname"/> </ldap> </authentication> </security-realm> <outbound-connections> <ldap name="testLdap" url="ldap://localhost:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="passowrd" /> </outbound-connections> This results in the error: - [Host Controller] 17:05:25,154 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ldap_security_realm: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ldap_security_realm: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN) [Host Controller] at org.jboss.as.domain.management.security.SecurityRealmService.start(SecurityRealmService.java:226) [Host Controller] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739) Scenario Two A second scenario can be triggerd by defining the security realm as: - <security-realm name="ldap_security_realm"> <server-identities> <ssl> <keystore path="generated.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> </ssl> </server-identities> <authentication> <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true"> <username-filter attribute="samaccountname"/> </ldap> </authentication> </security-realm> With the same outbound connection as in the first scenario. The management-interfaces should be updated to: - <management-interfaces> <http-interface security-realm="ldap_security_realm"> <http-upgrade enabled="true"/> <socket interface="management" port="${jboss.management.http.port:9990}"/> </http-interface> </management-interfaces> This results in no clear error. [Host Controller] 17:09:12,854 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details. This scenario should actually be logging an error similar to the following as the realm is referencing a path which is not defined. [Host Controller] 17:08:41,763 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ [Host Controller] ("host" => "master"), [Host Controller] ("core-service" => "management"), [Host Controller] ("security-realm" => "ldap_security_realm") [Host Controller] ]) - failure description: { [Host Controller] "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""], [Host Controller] "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"] In the last scenario if jboss.server.config.dir is replaced with jboss.domain.config.dir in the realm then the error reported in the first scenario is again reported.