Unable to provision Exchange account
ERROR: ADDriver: bind
failed 0x80072035
ERROR: Unable to bind via
ADSI -- ADSI error 0x80072035 -- The server is unwilling to process
the request.
ERROR: Unable to bind to
Active Directory object for Exchange management
ERROR: auth 0x0243, hr
-2147016651
Active Directory users are created when an account is created in
the Identity Vault, however the Exchange accounts are not
provisioned. Negotiate authentication method and CDOEXM are
being used.
The communication between the driver and the Domain Controller is
encrypted using Signing and Sealing.
Resolution
The CDOEXM method to provision Exchange accounts is currently
unable to bind to Active Directory using Signing and Sealing. If
the driver is not running on a Domain Controller and the
communication needs to be encrypted (to be able to synchronize
passwords, for example), it is recommended to set up SSL between
the member server and the Domain Controller.
Additional Information
A remote loader at level 3 will show: DirXML: [06/21/07
10:00:45.51]: ADDriver: Exchange: begin provision exchange
account DirXML: [06/21/07
10:00:45.51]: ADDriver: CDOEXM: Bind to CN=John
Doe,OU=People,DC=acme,DC=com DirXML: [06/21/07
10:00:45.52]: ADDriver: LDAP://dc1.acme.com/CN=John
Doe,OU=People,DC=acme,DC=com user IDM3, domain , password ***, auth
0x0243, hr -2147016651 DirXML: [06/21/07
10:00:45.52]: ADDriver: bind failed 0x80072035
and then will report the error: DirXML: [06/21/07
10:00:45.54]: AD Novell,
Inc.
2d5eebe6978d294d95e4e36bbbbbbb0 Unable to bind to Active Directory object
for Exchange management LDAP://dc1.acme.com/CN=John
Doe,OU=People,DC=acme,DC=com user IDM3, domain ,
password ***, auth 0x0243, hr -2147016651 Unable to bind
via ADSI -- ADSI error 0x80072035 -- The server is unwilling to
process the request.
For other tips and tricks on how to configure CDOEXM to provision
Exchange accounts, refer to KB 3675293, "ADDriver: Exchange: could not get CDOEXM mailbox
interface"