Error Active Directory Target Reconciliation

Similar Messages

• Active Directory Error 0x51 occurred when trying to check the suitability of server ' servername '. Error: 'Active directory response: The LDAP server is unavailable'. It was running the command 'Get-OwaVirtualDirectory'.

  This issue is driving us nuts - there are no issues with Domain Controllers or AD in this environment.  The server it is citing in the error has been retired - it was gracefully dcpromo'ed down and removed from the environment.  DNS has no record of it, nor is it located anywhere else.  We are not able to log into Outlook Web App either with authentication failed errors - and I can't help but expect these 2 issues are related?  I tried hard coding the Configuration Domain Controller at the org level, as well as using the -staticdomaincontrollers and -staticglobalcatalogservers with the "Set-ExchangeServer" powershell command - no luck....  System settings of the exchange 2010 servers show they are pointing to the correct DCs - but I still get this error accompanied with long delays in rendering windows in EMC.  Extremely frustrating.....  I have an issue logged with MS now, but they aren't looking at them until Nov 9.  Has anyone seen this issue at all?  More info on the OWA config - using Form based auth, and I'm not able to perform a simple test-owaconnectivity -mailboxcredential (get-credential\username) -allowuntrustedcertificate -allowinsecurelogon - please help

  Create a "global catalog" on the 2nd domain contoller, will fix this problem. 
  To create a new global catalog:
  On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Sites and Services .
  In the console tree, double-click Sites , and then double-click <var>sitename</var> .
  Double-click Servers , click your domain controller, right-click NTDS Settings , and then click Properties .
  On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
  Restart the domain controller.

• An Active Directory error 0x51 occurred when trying to check the suitability of server

  We have several exchange administrators and two exchange 2010 servers and one exchange 2007 server. I am getting the following error message
  when opening up Exchange Management Console on one of the exchange 2010 server. 
  "An Active Directory error 0x51 occurred when trying to check the suitability of server 'dc101.domain.local'. Error: 'Active directory
  response: The LDAP server is unavailable.' 
  dc101 does not exist anymore. I tried changing the Configuration Domain Controller by manually specify a domain controller but get the exact
  same error message and also gets an empty list when selecting the domain. Other administrators who logs into to the same server do not get this error message. 
  If I open the exchange management console on another exchange server, it works without problem. Is there a setting somewhere I need to change
  to point it to the correct domain controller using power shell?

  I fixed it for myself.
  Organization Configuration->Modify Configuration Domain Controller->select Use a default domain controller
   

• Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)

  Hi,
  I am trying to install certificate services on a windows 2008 server (R2 ENT SP1) with a PCIe nCipher HSM module installed on it. The version of nCipher SW is = 11.30.  It is a RootCA, and I am trying to use a key that is already stored in the HSM (I
  have done this before with a PCI HSM (older HW version)).  I select “Use existing private key” and “Select an existing private key on this computer” on the wizard, then i change the CSP to nCipher and click on "search" the key I am looking for
  appears and I select that one.  I repeat, I have done this before and it works with a PCI HSM module.
  The installation is finished before being prompted to insert the operator cards, and it ends with two errors:
  <Error>: Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
  And:
  <Error>: Active Directory Certificate Services setup failed with the following error: The group or resource is not in the correct state to perform the requested operation.
  0x8007139f (WIN32: 5023)
  The servermanager.log says:
  1856: 2014-07-23 18:27:48.195 [CAManager]                 Sync: Validity period units: Years
  1856: 2014-07-23 18:27:48.928 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x800703E5): CCertSrvSetup::Install: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
     at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
     at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
  1856: 2014-07-23 18:27:48.928 [Provider]                  CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error:  Overlapped I/O operation is in progress.
  0x800703e5 (WIN32: 997)'
  1856: 2014-07-23 18:27:48.928 [Provider]                  Adding error message.
  1856: 2014-07-23 18:27:48.928 [Provider]                  [STAT] For 'Certification Authority':
  And:
  1856: 2014-07-23 18:27:49.053 [CAWebProxyManager]         Sync: Initializing defaults
  1856: 2014-07-23 18:27:49.162 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x8007139F): CCertSrvSetup::Install: The group or resource is not in the correct state to perform the requested operation. 0x8007139f (WIN32: 5023)
     at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
     at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
  1856: 2014-07-23 18:27:49.162 [Provider]                  CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error:  The group or resource is not in the correct
  state to perform the requested operation. 0x8007139f (WIN32: 5023)'
  1856: 2014-07-23 18:27:49.162 [Provider]                  Adding error message.
  Has anyone experienced this before? Am I missing something here?
  Any help will be very appreciated
  Thanks in advance
  Best regards
  Alejandro Lozano Villanueva

  Hi, thanks for your support.
  I have been playing around a bit with some ncipher commands and found this:
  C:\Program Files (x86)\nCipher\nfast\bin>cspcheck.exe
  cspcheck: fatal error: File key_mscapi_container-1c44b9424a23f6cddc91e8a065241a0
  9aa719e4f (key #1): 0 modules contain the counter (NVRAM file ID 021c44b9424a23f
  6cddc91)
  cspcheck: information: 2 containers and 2 keys found.
  cspcheck: fatal error occurred.
  If I perform the same command on the original server (the server with the original kmdata folder and with the running RootCA services):
  E:\nfast\bin>cspcheck.exe
  cspcheck: information: 2 containers and 2 keys found.
  cspcheck: everything seems to be in order.
  Strange?
  Moreover, when I do a csptest.exe command (also on both servers, i find this)
  On the new server:
  C:\Program Files (x86)\nCipher\nfast\bin>csptest.exe
  nCipher CSP test software
  =========================
  Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
    Provider name: nCipher Enhanced Cryptographic Provider
    Version number: 1.48
  User key containers:
      Container 'csptest.exe' has no stored keys.
      Container 'Administrator' has no stored keys.
    Machine key containers:
      Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
      Container 'ROOTCA' has no stored keys.
      Container 'csptest.exe' has no stored keys.
  While in the old server:
  E:\nfast\bin>csptest.exe
  nCipher CSP test software
  =========================
  Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
    Provider name: nCipher Enhanced Cryptographic Provider
    Version number: 1.40
  User key containers:
      Container 'csptest.exe' has no stored keys.
    Machine key containers:
      Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
      Container 'ROOTCA' has a 2048-bit signature key.
      Container 'csptest.exe' has no stored keys.
  As you can see, the container called ROOTCA, which is the one that I use during the installation, says it has no stored keys.  While on the old server, it says it contains a key.  Why is this happening?  I dont know, I am copying the complete
  key management folder from one server to another and initialize the security world with that folder as I always do, and i dont have any errors during this procedure. 
  Do you know what could be the cause of this? or how can I fix this?  Thanks a lot, best regards.
  Alejandro Lozano Villanueva

• Problems using native query in Active Directory connector v 9.1

  Hello,
  Has anyone ran into a problem when trying to do a query with a not operator?
  I want to import all users, but not computers.. so I tried the query (&(objectClass=user)(!objectclass=computer))
  I tried this query directly in the active directory and it worked.
  The problem is when I apply it to OIM it gives out the following error:
  DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::performReconciliation() Enter
  DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::setTaskSchedulerObjectName() Enter
  INFO,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],Starting Active Directory Trusted Reconciliation
  DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::setTaskSchedulerObjectName() Exit
  DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ADLookupMaps::getADFieldsArray() Enter
  DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ADLookupMaps::getADFieldsArray() Exit
  DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
  DEBUG,29 Oct 2008 19:48:06,350,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
  DEBUG,29 Oct 2008 19:48:06,350,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
  DEBUG,29 Oct 2008 19:48:06,363,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
  DEBUG,29 Oct 2008 19:48:06,363,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ADReconTaskAttrs::parseAndSetMultiValAttrs() Enter
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ADReconTaskAttrs::parseAndSetMultiValAttrs() Exit
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ActiveDirectoryRecon/performReconciliation :query (&(&(objectClass=user)(!objectclass=computer))(whenChanged>=19000101000000.0Z))
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::searchResultPageEnum() Enter
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::connectToAvailableAD() Enter
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForDirContext() Enter
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForDirContext() Exit
  DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForLDAPContext() Enter
  DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForLDAPContext() Exit
  DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::validateCertificates() Enter
  DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::validateCertificates() Exit
  DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],Critical Extensions Supported
  DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::invalidateSSLSession() Enter
  DEBUG,29 Oct 2008 19:48:06,549,[OIMCP.ADCS],tcADUtilLDAPController::invalidateSSLSession() Exit
  DEBUG,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],tcADUtilLDAPController::connectToAvailableAD() Exit
  ERROR,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],The error occured in tcADUtilLDAPController::searchResultPageEnum():Unbalanced parenthesis
  DEBUG,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],tcADUtilLDAPController::disconnect() Enter
  DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],tcADUtilLDAPController::disconnect() Exit
  DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],tcADUtilLDAPController::searchResultPageEnum() Exit
  DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],ActiveDirectoryRecon::performReconciliation() Exit
  INFO,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],End of Active Directory Reconciliation....
  DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],ActiveDirectoryReconTask/execute End
  Thanks in advance,
  Tomic

  Hi,
  Try this and it will work.I am using it.
  (&(objectClass=user)(!(objectClass=computer)))
  Regards
  Nitesh

• Active Directory server is not available

  i have just setup and started testing a new exchange 2007 on my network. we did not have a exchange before, so this is a new install.
  my domain, xxx.com is a windows 2000 native AD. the exchange 2007 is a win 2003 sp1 x64, it is also a DC and has all roles assigned to it
  in my network i have
  dc01 win2000 sp4  dc (gc)
  dc02 win2000 sp4 dc (gc)
  exch01 win 2003 sp1 dc, rid, pdc, fmso, gc, infrastucture and naming
  the install went well, and i have been testing it for the past 2 weeks this dummy accounts. test smtp connectors, etc. all was working fine. to the point that i have started planing the migration of the users
   today i did some mods to IIS for a owa free SSL from startcom (as well as the root CAs). i have remove it since.
  i now get the following errors when i start the console, or shell. :
  Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
  It was running command 'get-ExchangeAdministrator'.
  The following error(s) were reported while loading topology information:
  get-ExchangeServer
  Failed
  Error:
  Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
  A local error occurred.
  get-UMServer
  Failed
  Error:
  Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
  A local error occurred.
  HELP.. i have no idea what it does not like.
   exbpa does not report anything, i even get it to connect to the exch01 for it AD access.
  Any ideas??
  Thanks
  Paul Gartner
  (over all i like what i have been seeing in ex2007) 

  i think that you might be confusing "AD user account" and "profile". you DO NOT delete administrator from your AD Users and Computers. you only delete the Profile (\documents and settings\administrator folder). you can NOT do this while you are logged on using the administrator account.
  be sure to backup any data in your my documents and any favorites
  create another user that is in the domain admin group of your active directory, log on with that account and verify that the exchange tools works. then follow this to remove the profile.
  >1). Logon the Exchange server by using another admin account.
  >2). Open Control Panel, select System.
  >3). Select Advanced tab and click the Settings button of User Profile.
  >4). Delete the Profile of user which encounters this issue.
  >5). Click OK.
  >6). Restart the server and logon it by using Administrator account.
  > 
  once this is done, logon with your administrator account and try the tools again, they should work.tn
  Paul Gartner

• Exchange 2013 cu3 setup fails with 'problem... validating the state of Active Directory... supplied credential... invalid'

  Windows Server 2013; Exchange Server 2013 with Cumulative Update 1
  Cannot install Cumulative Update 3 for Exchange Server 2013. It fails with
  [xxx] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.  See the Exchange setup log for more information on this error.
  [xxx] [0] [ERROR] Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.
  [xxx] [0] [ERROR] The supplied credential is invalid.
  (Crosses - XXX - replace original values.)
  I have found that a few others have experienced the same problem but found no solution, nor could come up with anything myself. If it is any hint, Event 40961 was logged in the Event Viewer around the same time on almost all installation attempts to be purely
  conincidental:
  The Security System could not establish a secured connection with the server
  ldap/xxx.xxx/[email protected] No authentication protocol was available.
  Both Windows Server and Exchange Server otherwise work OK, and do not recall any issues with Cumlative Update 1 installation.

  Hi vhr1,
  Based on my knowledge, the Event ID 40961 is a warning message.
  This behavior occurs when we restart the server that was promoted to a DC. The Windows Time service tries to authenticate before Directory Services has started.
  Found some resources for your reference even if the Exchange Version is mismatched:
  http://blogs.technet.com/b/jhoward/archive/2005/04/20/403946.aspx
  http://support.microsoft.com/kb/823712/en-us
  About the error message, "Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid."
  The error message InvalidCredentials means: the wrong password was supplied or the SASL credentials cannot be processed.
  Found a similar thread for your reference, hope it is helpful:
  http://social.technet.microsoft.com/Forums/en-US/98e26ad6-8e43-4ef5-8ff9-e9fee6e76bda/bind-operation-is-invalid?forum=exchangesvrdeploylegacy
  Feel free to contact me if there is any problem.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• The box indicating that this domain controller is the last controller for the domain is unchecked. However, no other Active Directory domain controllers for that domain can be contacted

  I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server
  with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
  The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.
  Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain
   is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
  I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it
  is not available.
  Help please!

  Hi,
  As there is server 2012 DC (SERVER1) DC is operational in a domain then "This domain controller is the last controller for the domain" should be remain unchecked when you demote SERVER2 DC. 
  If you are getting error "Active Directory domain controllers for that domain can be contacted" while demoting SERVER2 DC then check the DNS pointing on both as per below article, disable windows firewall on all DC, less possiblities but worth to check if both
  are different site then check the ports are open on firewall. 
  http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
  http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
  run “ipconfig /flushdns & ipconfig /registerdns“, restart DNS server and NETLOGON service on each DC and try to demote server2 DC.
  If issue reoccurs, post dcdiag /q result.
  NOTE: If initial replication was completed between both DC (new 2012 and old DC) then you may remove the server2 DC from Active Directory forcefully (DCPROMO /FORCEREMOVAL) and perform metadata cleanup.
  Active Directory Metadata Cleanup
  http://abhijitw.wordpress.com/2012/03/03/active-directory-metadata-cleanup/
  Best regards,
  Abhijit Waikar.
  MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
  Blog: http://abhijitw.wordpress.com
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

• Active directory response: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

  Hi All,
  I have just added my first 2010 exchange server to our organisation.
  Upon trying to enter the product key, i get the following:
  Error:
  Active Directory operation failed on DC01.myorg.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
  Active directory response: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
  The user has insufficient access rights.
  Click here for help...
  http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&t=exchgf1&e=ms.exch.err.Ex6AE46B
  Exchange Management Shell command attempted:
  set-exchangeserver -Identity 'CAS01' -ProductKey 'xxxxx-xxxxx-xxxxx-xxxxx-xxxxx'
  I get a similar error when trying to run the cmdlet New-ClientAccessArray.
  It would appear there is a inheritance of permissions issue somewhere but where. Most other references to this error are on mailbox moved where the error is with the mailbox being moved. where is it here?
  Any thoughts? This is driving me mad :(

  Hi,
  After much research on the forums I found this solution that worked for me:
  Technet
  Article
  Tanks,
  Arthur.

• Active Directory service discovery failed

  Hi forum user,
  I have integrated my SGD with AD.
  I saw the following error in jserver log file:
  # more jserver2698_error.log
  2007/07/24 15:25:22.626 (pid 2698) server/ldap/error #1185261922626
  Sun Secure Global Desktop Software (4.31) ERROR:
  Active Directory service discovery failed: Failed to find any valid Site objects.
  Looking up Global Catalog DNS name: gc.tcp.telbru.com.bn. - HIT
  Looking for GC on server: Active Directory:ts1.telbru.com.bn:/172.25.11.96:3268:Up - HIT
  Checking for CN=Configuration: DC=telbru,DC=com,DC=bn - MISS
  Checking for CN=Configuration: CN=Configuration,DC=telbru,DC=com,DC=bn - HIT
  Looking up domain root context: DC=telbru,DC=com,DC=bn - HIT
  Looking up site context: CN=Sites,CN=Configuration
  Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
  Looking up addresses for peer DNS: portal.telbru.com.bn - HIT
  Failed to discover Active Directory Site, Domain and server data.
  This might mean LDAP users cannot log in.
  Make sure the DNS server contains the Active Directory service
  records for the forest. Make sure a Global Catalog server is available.
  Why the error occurred ?
  What is the resolution to this error ?
  Appreciate any help. Thanks.

  This error message is telling you that SGD failed to find any site objects in your AD tree. This should not stop users from logging in, it will just mean that SGD will not be able to work out which AD site is local to the SGD server.
  If you are not using sites in your AD setup, then you do not need to worry about this.
  Hope this helps,
  DD

• Active Directory Discovery fails to bind to OU

  I am continuously receiving the following error:
  Active Directory System Discovery Agent failed to bind to container
  LDAP://OU=DOMAIN CONTROLLERS,DC=MYDOMAIN,DC=COM. Error: The specified directory service attribute or value does not exist.
  Not sure what to check at this point.  I have checked permissions on the OU, Server has read permissions. Here is screenshot of properties:

  Have you tried discovery of the entire forest, not just a single OU? If that works then it has to be permissions to that OU. If it fails, then it would be no permissions to the forest.
  I'd also consider using a user account (just as a test). Personally I've always used the site server computer account, but you could also try a user account for this to ensure that it's not something else.
  Wally Mead

• Error running Organization Lookup Recon in OIM 11g R2 with Active Directory

  Hi all,
  I have an implementation of OIM 11g R2, with an Active Directory 11.1.1.5.0 connecting to an instance of Active Directory on Windows Server 2008. I am trying to run the "Active Directory Organization Lookup Reconciliation" scheduled task, but the job fails with this error:
  oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
  This is the full stack trace from the oim_domain.log file:
  oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
  at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:176)
  at oracle.iam.connectors.icfcommon.recon.AbstractReconTask.init(AbstractReconTask.java:115)
  at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:382)
  at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
  at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
  at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
  at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
  at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
  at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
  at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
  at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.security.Security.runAs(Security.java:41)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  The Connector Server is installed on the AD instance, and the key has been set, and used appropriately in the Active Directory Connector Server IT Resource in OIM.
  Any advice on how to resolve this error or on any possible causes would be much appreciated, thank you.

  From the installation media, copy and extract contents of the bundle/ActiveDirectory.Connector-1.1.0.6380.zip file to the CONNECTOR_SERVER_HOME directory
  Refer http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#CHDDJGIG

• Error while trying to provision OIM user to Active Directory using SSL

  Hi All,
  I am able to see the users through LDAP browser using SSL but am getting the following error while trying to provision OIM users to AD using SSL.
  I am using Microsoft Active Directory connector type 9.11.
  Response: Connection Error encountered
  Response Description: Error encountered while connecting to target system
  I did some testing using "Diagnostic Dashboard" and the following are the results.
  Test Name: Target System SSL Trust Verification: Passed
  Test Name: Test Basic Connectivity: Failed
  Exceptions:
  ITResource information values are not correct. Enter the correct values.
  java.lang.reflect.InvocationTargetException
  javax.naming.CommunicationException: simple bind failed:
  unable to find valid certification path to requested target.Test Name: Test Provisioning:Failed
  Note: Without SLL all the above tests got Passed.
  Can anybody help me out from this issue.
  Thanks in advance.
  Pradeep Kumar.

  I am able to connect to AD using 636 port number from LDAP browser and as the following test got Passed i think that my certificatee should be correct.
  Test Name: Target System SSL Trust Verification.
  Input Parameters
  Target System: idm.orademo.com
  Port: 636 Certificate Store
  Location: /usr/java/jdk1.6.0_14/jre/lib/security/cacerts
  Result : Passed
  ITResource Values:
  ADAM LockoutThreshold Value     
  ADGroup LookUp Definition     Lookup.ADReconciliation.GroupLookup
  Admin FQDN     cn=Administrator,cn=Users,dc=orademo,dc=com
  Admin Password     *******
  Allow Password Provisioning     yes
  AtMap ADGroup     AtMap.ADGroup
  AtMap ADUser     AtMap.AD
  Invert Display Name     no
  Port Number     636
  Remote Manager Prov Lookup     AtMap.AD.RemoteScriptlookUp
  Remote Manager Prov Script Path     
  Root Context     dc=orademo,dc=com
  Server Address     idm.orademo.com
  Target Locale: TimeZone     GMT
  UPN Domain     orademo.com
  Use SSL     yes
  isADAM     no
  isLookupDN     no
  isUserDeleteLeafNode     no
  Thansk & Regards,
  Pradeep Kumar.

• Issue with Active Directory User Target Recon

  Hi ,
  I am facing an issue with Active Directory User Target Recon
  My environment is OIM 11g R2 with BP03 patch applied
  AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
  In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
  When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
  Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
  Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
  Checked the user profile of users processed can see AD account provisioned for users
  My query is why this job is not processing allthe users.Please point if i am missing some thing .
  thanks in advance

  Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
  -Bikash

• Microsoft Exchange Server 2013 Cumulative Update 7 Setup - Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error - Set-SharedConfigDC

  What am I trying to do?
  I have tried installing Microsoft Exchange Server 2013 Cumulative Update 7 Setup on a fresh install of Windows Server 2012 R2 but it gets stuck when running the setup exe on Step 8 of 14 “Mailbox Transport Service” I have included full
  error logs at the bottom of the page but the basics are in order it will throw which loop around are:
  [01/20/2015 17:13:20.0084] [2] Beginning processing Set-SharedConfigDC
  [01/20/2015 17:13:20.0178] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers
  Found in Forest mydomain.com Site Default-First-Site and connected Sites..
  [01/20/2015 17:13:20.0178] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites.
  Exchange is currently running in the envirmonet on 2010 Sp3 I am installing 2013 CU7 fresh so I can migrate the databases over.
  What am I running?
  2 X DC on domain and forest functional level 2008R2 both writable
  1 X fresh install of Windows 2012 R2 which is domain joined
  What have I tried?
  Checked Ipv6 is enabled on all DC NICS and Existing Exchange Servers
  Rebooted every server
  Run setup as Administrator
  My account is part of the domain Enterprise Admin group
  Tried adding "Exchange Server" or "Exchange Enterprise Servers" to the group policy and doing the relevant gpupdate /force and reboot :
  Computer Configuration Windows Settings
  Security Settings + Local Policies
  User Rights Assignment Mange auditing and security log
  Turned off firewall on DC and Exchange Server even stopped the service
  Turned off all AV on the DC and Exchange Server
  Checked I could telnet to global catalog servers on port 3268 which I can
  Checked the global catalog records existed in DNS which they all do
  Done the obvious ping tests all round which confirms connectivity
  Schema has been prepared using appropriate commands before running the setup exe
  setup.exe /PrepareSchema /IacceptExchangeServerLicenseTerms
  Making sure the following path has full permissions:
  EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
  Restarted Microsoft Exchange Active Directory Topology service
  DcDiag all looks good
  What have I noticed that is suspicious?
  Microsoft Exchange Transport service will not start even though both of its dependences services have started:
  Microsoft Filtering Management Service
  Microsoft Exchange Active Directory Topology Service
  It will eventually error with
  “Windows could not start the Microsoft Exchange Transport Service on local computer
  Error 1053: This Service did not respond to the start of control request in a timely fashion”
  This error is from the GUI wizard itself:
  Error:
  The following error was generated when "$error.Clear();
  $maxWait = New-TimeSpan -Minutes 8
  $timeout = Get-Date;
  $timeout = $timeout.Add($maxWait);
  $currTime = Get-Date;
  $successfullySetConfigDC = $false;
  while($currTime -le $timeout)
  $setSharedCDCErrors = @();
  try
  Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
  $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
  if($successfullySetConfigDC)
  break;
  Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
  catch
  Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
  Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
  Start-Sleep -Seconds 30;
  $currTime = Get-Date;
  if( -not $successfullySetConfigDC)
  Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
  " was run: "System.Exception: Unable to set shared config DC.
  at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
  at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
  at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
  at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
  at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
  Exchange logs which have been written:
  **The error will loop around for 8 minutes on trying to set-sharedconfig DC whatever this is trying to do ??
  [01/20/2015 17:13:20.0084] [2] Active Directory session settings for 'Set-SharedConfigDC' are: View Entire Forest: 'True', Configuration Domain Controller:mydomain.com', Preferred Global Catalog: 'mydomain.com', Preferred Domain Controllers:
  '{ mydomain.com}'
  [01/20/2015 17:13:20.0084] [2] User specified parameters: 
  -DomainController:mydomain.com' -ErrorVariable:'setSharedCDCErrors' -ErrorAction:'SilentlyContinue'
  [01/20/2015 17:13:20.0084] [2] Beginning processing Set-SharedConfigDC
  [01/20/2015 17:13:20.0178] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers
  Found in Forest mydomain.com Site Default-First-Site and connected Sites..
  [01/20/2015 17:13:20.0178] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites.
  [01/20/2015 17:13:20.0178] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers
  Found in Forest mydomain.com Site Default-First-Site and connected Sites..
  [01/20/2015 17:13:20.0178] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites.
  [01/20/2015 17:13:20.0178] [2] Ending processing Set-SharedConfigDC
  [01/20/2015 17:13:20.0193] [2] Beginning processing Write-ExchangeSetupLog
  [01/20/2015 17:13:20.0193] [2] An error ocurred while setting shared config DC. Error: The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details
  No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites..
  [01/20/2015 17:13:20.0193] [2] Ending processing Write-ExchangeSetupLog
  [01/20/2015 17:13:20.0193] [2] Beginning processing Write-ExchangeSetupLog
  [01/20/2015 17:13:20.0193] [2] Waiting 30 seconds before attempting again.
  [01/20/2015 17:13:20.0193] [2] Ending processing Write-ExchangeSetupLog
  [01/20/2015 17:13:50.0195] [2] Beginning processing Write-ExchangeSetupLog
  [01/20/2015 17:13:50.0273] [2] [ERROR] Unable to set shared config DC.
  [01/20/2015 17:13:50.0273] [2] [ERROR] Unable to set shared config DC.
  [01/20/2015 17:13:50.0288] [2] Ending processing Write-ExchangeSetupLog
  [01/20/2015 17:13:50.0288] [1] The following 1 error(s) occurred during task execution:
  [01/20/2015 17:13:50.0288] [1] 0.  ErrorRecord: Unable to set shared config DC.
  [01/20/2015 17:13:50.0288] [1] 0.  ErrorRecord: System.Exception: Unable to set shared config DC.
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
     at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
     at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
     at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
  [01/20/2015 17:13:50.0288] [1] [ERROR] The following error was generated when "$error.Clear();
  $maxWait = New-TimeSpan -Minutes 8
  $timeout = Get-Date;
  $timeout = $timeout.Add($maxWait);
  $currTime = Get-Date;
  $successfullySetConfigDC = $false;
  while($currTime -le $timeout)
  $setSharedCDCErrors = @();
  try
  Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
  $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
  if($successfullySetConfigDC)
  break;
  Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
  catch
  Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
  Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
  Start-Sleep -Seconds 30;
  $currTime = Get-Date;
  if( -not $successfullySetConfigDC)
  Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
          " was run: "System.Exception: Unable to set shared config DC.
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
     at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
     at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
     at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
  [01/20/2015 17:13:50.0288] [1] [ERROR] Unable to set shared config DC.
  [01/20/2015 17:13:50.0288] [1] [ERROR-REFERENCE] Id=AllADRolesCommonServiceControl___ee47ab1c06fb47919398e2e95ed99c6c Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
  [01/20/2015 17:13:50.0288] [1] Setup is stopping now because of one or more critical errors.
  [01/20/2015 17:13:50.0288] [1] Finished executing component tasks.
  [01/20/2015 17:13:50.0304] [1] Ending processing Install-BridgeheadRole
  Windows Event Viewer:
  Process Microsoft.Exchange.Directory.TopologyService.exe (PID=5276) Forest mydomain.com. Exchange Active Directory Provider couldn't find minimal required number of suitable Global Catalog servers
  in either the local site 'Default-First-Site' or the following sites:

  Hi apl228,
  1. Please make sure the IPv6 is enabled.
  2. Please make sure the account that install Exchange server has Administrator permission.
  3. Please make sure DNS has been configured correctly.
  Thanks
  Mavis Huang
  TechNet Community Support