Environment
Novell Identity Manager 3.5
Novell Identity Manager Driver - Active Directory
Situation
Unable to provision Exchange account
ERROR: ADDriver: bind failed 0x80072035
ERROR: Unable to bind via ADSI -- ADSI error 0x80072035 -- The server is unwilling to process the request.
ERROR: Unable to bind to Active Directory object for Exchange management
ERROR: auth 0x0243, hr -2147016651
Active Directory users are created when an account is created in the Identity Vault; however, the Exchange accounts are not provisioned. The Negotiate authentication method and CDOEXM are being used.
The communication between the driver and the Domain Controller is encrypted using Signing and Sealing.
Resolution
The CDOEXM method to provision Exchange accounts is currently unable to bind to Active Directory using Signing and Sealing. If the driver is not running on a Domain Controller and the communication needs to be encrypted (to be able to synchronize passwords, for example), it is recommended to set up SSL between the member server and the Domain Controller.
Additional Information
A remote loader at level 3 will show:
DirXML: [06/21/07 10:00:45.51]: ADDriver: Exchange: begin provision exchange account
DirXML: [06/21/07 10:00:45.51]: ADDriver: CDOEXM: Bind to CN=John Doe,OU=People,DC=acme,DC=com
DirXML: [06/21/07 10:00:45.52]: ADDriver: LDAP://dc1.acme.com/CN=John Doe,OU=People,DC=acme,DC=com user IDM3, domain , password ***, auth 0x0243, hr -2147016651
DirXML: [06/21/07 10:00:45.52]: ADDriver: bind failed 0x80072035
and then will report the error:
DirXML: [06/21/07 10:00:45.54]:
AD
Novell,
Inc.
2d5eebe6978d294d95e4e36bbbbbbb0
Unable to bind to Active Directory object for Exchange management LDAP://dc1.acme.com/CN=John Doe,OU=People,DC=acme,DC=com
user IDM3, domain , password ***, auth 0x0243, hr -2147016651
Unable to bind via ADSI -- ADSI error 0x80072035 -- The server is unwilling to process the request.
For other tips and tricks on how to configure CDOEXM to provision Exchange accounts, refer to KB 3675293, "ADDriver: Exchange: could not get CDOEXM mailbox interface"
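To triage this failure from a trace, the auth and hr fields of the bind line can be decoded. The following is an added example, not Novell's code: the flag values are those of Microsoft's ADS_AUTHENTICATION_ENUM, the function names are hypothetical, and the sample line is the one from the trace above.

```python
import re

# Bit values from Microsoft's ADS_AUTHENTICATION_ENUM (ADSI).
ADS_AUTH_FLAGS = {
    0x001: "ADS_SECURE_AUTHENTICATION",
    0x002: "ADS_USE_ENCRYPTION/ADS_USE_SSL",  # both names share this value
    0x004: "ADS_READONLY_SERVER",
    0x008: "ADS_PROMPT_CREDENTIALS",
    0x010: "ADS_NO_AUTHENTICATION",
    0x020: "ADS_FAST_BIND",
    0x040: "ADS_USE_SIGNING",
    0x080: "ADS_USE_SEALING",
    0x100: "ADS_USE_DELEGATION",
    0x200: "ADS_SERVER_BIND",
    0x400: "ADS_NO_REFERRAL_CHASING",
}
FACILITY_WIN32 = 7
WIN32_ERRORS = {8245: "ERROR_DS_UNWILLING_TO_PERFORM"}  # only the code seen on this page

# Matches the driver's bind trace line: LDAP URL, user, auth flags, signed HRESULT.
BIND_RE = re.compile(
    r"LDAP://(\S+?)/(.+?) user (\S+), domain .*?auth (0x[0-9A-Fa-f]+), hr (-?\d+)")

def decode_auth(flags):
    """Return the names of the ADSI authentication flags set in `flags`."""
    names = [name for bit, name in sorted(ADS_AUTH_FLAGS.items()) if flags & bit]
    unknown = flags & ~sum(ADS_AUTH_FLAGS)  # bits not covered by the table
    return names + ([f"unknown:0x{unknown:x}"] if unknown else [])

def decode_hresult(hr):
    """Split a signed 32-bit HRESULT into its hex form, facility and code."""
    u = hr & 0xFFFFFFFF
    facility, code = (u >> 16) & 0x1FFF, u & 0xFFFF
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"hex": f"0x{u:08x}", "failed": bool(u >> 31),
            "facility": facility, "code": code, "win32": name}

def parse_bind_line(line):
    """Parse one trace line; returns None if it is not a bind line."""
    m = BIND_RE.search(line)
    if not m:
        return None
    server, dn, user, auth, hr = m.groups()
    return {"server": server, "dn": dn, "user": user,
            "auth_flags": decode_auth(int(auth, 16)),
            "hresult": decode_hresult(int(hr))}

# Sample: the bind line from the level 3 trace on this page.
SAMPLE = ("DirXML: [06/21/07 10:00:45.52]: ADDriver: LDAP://dc1.acme.com/"
          "CN=John Doe,OU=People,DC=acme,DC=com user IDM3, domain , "
          "password ***, auth 0x0243, hr -2147016651")

if __name__ == "__main__":
    print(parse_bind_line(SAMPLE))
```

The decoded hr is the same 0x80072035 reported in the "bind failed" line, so the two messages describe one failure.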