Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
311 views

AD / exchange provisioning does not work


Hi all,

I've some trouble with the automatic mailbox distribution function of
exchange 2010 in the AD IDM driver.
The provison proccess works fine with a "hard" defined mailbox store,
but it is not possible to enter a "defer" for the homeMDB attribute to
trigger the automatic mailbox distribution function in exchange. The
following error is shown in the driverlog:
"ERROR: Couldn't find database "defer". Make sure you have typed it
correctly."
I've just tried to set the value for homeMDB in a rule of my policy (set
dest. attribute), because we don't use entitlements.
My RemoteLoader Version is : 4.0.2

Does anybody have a hint (or solution) for me, how to solve this
problem?


Regards,
Frank


--
fdoepker
------------------------------------------------------------------------
fdoepker's Profile: https://forums.netiq.com/member.php?userid=718
View this thread: https://forums.netiq.com/showthread.php?t=47498

Labels (1)
0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: AD / exchange provisioning does not work

On 4/8/2013 11:14 AM, fdoepker wrote:
>
> Hi all,
>
> I've some trouble with the automatic mailbox distribution function of
> exchange 2010 in the AD IDM driver.
> The provison proccess works fine with a "hard" defined mailbox store,
> but it is not possible to enter a "defer" for the homeMDB attribute to
> trigger the automatic mailbox distribution function in exchange. The
> following error is shown in the driverlog:
> "ERROR: Couldn't find database "defer". Make sure you have typed it
> correctly."
> I've just tried to set the value for homeMDB in a rule of my policy (set
> dest. attribute), because we don't use entitlements.
> My RemoteLoader Version is : 4.0.2
>
> Does anybody have a hint (or solution) for me, how to solve this
> problem?


Turn up trace on the Remote Loader side, for the AD driver, try the
defer case, and show us the trace from there please. Might be a hint there.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: AD / exchange provisioning does not work

On 4/8/2013 10:18 AM, Geoffrey Carman wrote:

> Turn up trace on the Remote Loader side, for the AD driver, try the defer case, and show us the
> trace from there please. Might be a hint there.
>
>

At least level three, preferred level 5.

Also confirm that you are using the Exchange 2010 service and that it is running as a user with
rights to the Exchange organization. This could be a permission problem.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: AD / exchange provisioning does not work

On 08.04.2013 17:14, fdoepker wrote:
>
> Hi all,
>
> I've some trouble with the automatic mailbox distribution function of
> exchange 2010 in the AD IDM driver.
> The provison proccess works fine with a "hard" defined mailbox store,
> but it is not possible to enter a "defer" for the homeMDB attribute to
> trigger the automatic mailbox distribution function in exchange. The
> following error is shown in the driverlog:
> "ERROR: Couldn't find database "defer". Make sure you have typed it
> correctly."
> I've just tried to set the value for homeMDB in a rule of my policy (set
> dest. attribute), because we don't use entitlements.
> My RemoteLoader Version is : 4.0.2


If you performed an upgrade of the remote loader components from a pre
4.0.2 version, you might not be running the 4.0.2 Exchange service (the
error message you have quoted indicates that this is probably the reason)

Can you be more specific - is this a clean/fresh install of "Identity
Manager Connected System Server 64-bit:" from the IDM 4.0.2 DVD/ISO? on
the AD server which hosts the RL?

Did you correctly license this with 4.0.2 AD-driver activation
credentials? (Which differ from the IDM 4.0.1 AD-driver activation
credentials)

> Does anybody have a hint (or solution) for me, how to solve this
> problem?


I would suggest you check the version of the Exchange Service (should be
dated 1st June 2012, version 1.0.0.3 and try to unregister and
re-register this service.

The following section of the documentation explains how to
unregister/uninstall the service and then re-install it again.

https://www.netiq.com/documentation/idm402drivers/ad/data/bnutll4.html#bsdl6dc

NOTE: after you perform this, you need to change the newly reinstalled
service to run with the same credentials that the AD driver uses.

If you are still stuck, set the trace level on the remote loader to 3
and capture a trace that shows the problem. Then share the trace with us
via susepaste or pastebin.com.

--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: AD / exchange provisioning does not work


Hi all,
Thanks so far ... let me give some additional information.

1. A part of the remote loader trace

<---->
DirXML: [04/08/13 12:49:16.21]: ADDriver: parse command

className user
destDN
eventId BIGims03#20130408104920#4#1
association 348f8af4f9a722489231d006f5eebfac
DirXML: [04/08/13 12:49:16.21]: ADDriver: parse modify class = user
DirXML: [04/08/13 12:49:16.21]: ADDriver: association
DirXML: [04/08/13 12:49:16.21]: ADDriver:
348f8af4f9a722489231d006f5eebfac
DirXML: [04/08/13 12:49:16.21]: ADDriver: modify-attr
DirXML: [04/08/13 12:49:16.21]: ADDriver: remove-all-values
DirXML: [04/08/13 12:49:16.21]: ADDriver: add-value
DirXML: [04/08/13 12:49:16.21]: ADDriver: value
DirXML: [04/08/13 12:49:16.21]: ADDriver: defer
DirXML: [04/08/13 12:49:16.22]: ADDriver: Imported attribute homeMDB
MAD syntax DN (2.5.5.1,127,KwwCh3McAIVK)
XDS syntax dn
Single valued true
Case sensitive false
DirXML: [04/08/13 12:49:16.22]: ADDriver: Exchange: request to remove
all mailboxes
DirXML: [04/08/13 12:49:16.22]: ADDriver: Exchange: request to add
mailbox to defer
DirXML: [04/08/13 12:49:16.22]: ADDriver: ldap_modify user
CN=willsmit,OU=Users,OU=LOC1,OU=EUR,OU=BIGCompany,DC=BIGdom-d,DC=tld
LDAPMod operations:
DirXML: [04/08/13 12:49:16.22]: ADDriver: Exchange: begin provision
exchange 2010 account
DirXML: [04/08/13 12:49:16.22]: ADDriver: Exchange: optimize
DirXML: [04/08/13 12:49:16.22]: ADDriver: Exchange: add user mailbox to
new mail store
DirXML: [04/08/13 12:49:16.22]: ADDriver: Exchange: provision
DirXML: [04/08/13 12:49:16.22]: ADDriver: Enabling mailbox...
Enable-Mailbox -Identity
'CN=willsmit,OU=Users,OU=LOC1,OU=EUR,OU=BIGCompany,DC=BIGdom-d,DC=tld'
-Database 'defer' -DomainController 'win2008-sandbox.BIGdom-d.tld'
DirXML: [04/08/13 12:49:16.24]: ADDriver: IDM Exchange Service Response
ERROR: Couldn't find database "defer". Make sure you have typed it
correctly.
DirXML: [04/08/13 12:49:16.24]: Loader: subscriptionShim->execute()
returned:
DirXML: [04/08/13 12:49:16.24]: Loader: XML Document:
DirXML: [04/08/13 12:49:16.24]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="3.5.17" asn1id="" build="20120419_120000"
instance="\BIG_IMS\Admin\IDM\Provisioning\BIGDOM-D">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="error" type="exchange" text1="Exchange 2010"
event-id="BIGims03#20130408104920#4#1">Exchange 2010 Exception.
code:0x0000009a Error completing exchange 2010 command. ERROR: Couldn't
find database "defer". Make sure you have typed it correctly.</status>
</output>
</nds>
DirXML: [04/08/13 12:49:16.24]:
DirXML Log Event -------------------
Driver = \BIG_IMS\Admin\IDM\Provisioning\BIGDOM-D
Thread = Subscriber Channel
Object = \BIG_IMS\BIGCompany\Identities\People\Active\USER1557
Level = error
Message = Exchange 2010 Exception. code:0x0000009a Error completing
exchange 2010 command. ERROR: Couldn't find database "defer". Make sure
you have typed it correctly.
DirXML: [04/08/13 12:50:05.30]: ADDriver: Publisher Poll
DirXML: [04/08/13 12:50:05.33]: ADDriver: get object changes - 0x0000
DirXML: [04/08/13 12:50:05.33]: ADDriver: object changes complete
DirXML: [04/08/13 12:50:05.33]: Loader: Received document from
publicationShim
DirXML: [04/08/13 12:50:05.33]: Loader: XML Document:
DirXML: [04/08/13 12:50:05.33]: <nds dtdversion="2.2">
< ---->
So, it seems that the remote loader does not replace the "defer" and
does not trigger an other powershell script.

2. It's no (!) permission problem, because the creation proccess works
fine, if the Attribute homeMDB is filled with a valid DN of an Exchange
Database.

3. @alexmchugh: I will check the right version an the licensing today
(the RL was update) , end send you a reply...

Regards,
Frank


--
fdoepker
------------------------------------------------------------------------
fdoepker's Profile: https://forums.netiq.com/member.php?userid=718
View this thread: https://forums.netiq.com/showthread.php?t=47498

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: AD / exchange provisioning does not work

On 09.04.2013 10:44, fdoepker wrote:
> <product version="3.5.17" asn1id="" build="20120419_120000"


It looks like your AD driver shim (and likely Exchange Service) is still
running IDM 4.0.1 code (patched to AD Driver Version 3.5.17)

It *should* look like this (the version number needs to be 4.0.x.x)

<product version="4.0.0.0" asn1id="" build="20120330_120000"

Based on your trace, it looks like it is the AD driver shim that detects
"defer" as a different type of command to send to the Exchange Service.

So you need to update AD Driver Shim + Exchange Service (+ maybe
password sync filters) to 4.0.2 level to fix this problem.

I would recommend you also update the IDM remote loader to the 4.0.2 RL
(and patch it to match your engine patch level) as well for best
compatibility/reliability.

--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: AD / exchange provisioning does not work


Hi Alex,

you are right! I've reinstalled the RL and with Version 4.0.0 everything
works fine!

Thanks and regards,

Frank


--
fdoepker
------------------------------------------------------------------------
fdoepker's Profile: https://forums.netiq.com/member.php?userid=718
View this thread: https://forums.netiq.com/showthread.php?t=47498

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.