Unable to provision Exchange account

  • 3835823
  • 06-Dec-2006
  • 26-Apr-2012

Environment

Novell Identity Manager Driver - Active Directory Driver
Novell Identity Manager Identity Manager 3.0

Situation

Unable to provision Exchange account
ERROR: ADDriver: bind failed 0x8007202a
ERROR: Unable to bind via ADSI -- ADSI error 0x8007202a -- The authentication mechanism is unknown.
ERROR: Unable to bind to Active Directory object for Exchange management

Active Directory users are created when an account is created in the Identity Vault, but the Exchange accounts are not provisioned. The driver is using the Negotiate authentication method and CDOEXM. The "Authentication context" parameter is set to the IP address of the domain controller.

Resolution

Specify the DNS host name of the domain controller, not its IP address, in the "Authentication context" parameter for the driver. An IP address should only be used with Simple authentication.

Replacing the IP address with the host name of the domain controller solved the issue. To find the correct host name, open "Active Directory Users and Computers" on the Windows controller, browse to "Domain Controllers" in the domain, and select the domain controller. Use the value in the "DNS Name" field.

Additional Information

The part of the trace that shows the problem looks like this:
DirXML: [11/18/06 06:01:06.37]: ADDriver: change password: old=(none), new=***
DirXML: [11/18/06 06:01:06.79]: ADDriver: password change complete
DirXML: [11/18/06 06:01:06.82]: ADDriver: set userAccountControl returns 0x0000
DirXML: [11/18/06 06:01:06.82]: ADDriver: Exchange: begin provision exchange account
DirXML: [11/18/06 06:01:06.82]: ADDriver: CDOEXM: Bind to CN=User 1 User,CN=Users,DC=bkp,DC=kk
DirXML: [11/18/06 06:01:06.96]: ADDriver: LDAP://192.168.1.1/CN=User 1 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr -2147016662
DirXML: [11/18/06 06:01:06.96]: ADDriver: bind failed 0x8007202a
DirXML: [11/18/06 06:01:06.96]: Loader: subscriptionShim->execute() returned:
DirXML: [11/18/06 06:01:06.96]: Loader: XML Document:
DirXML: [11/18/06 06:01:06.96]:

AD
Novell, Inc.


f3a3b4a340ed674491fc8c5e8cd41fd7
Unable to bind to Active Directory object for Exchange management LDAP://192.168.1.1/CN=User 1 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr -2147016662

Unable to bind via ADSI -- ADSI error 0x8007202a -- The authentication mechanism is unknown.



DirXML: [11/18/06 06:01:06.96]:
DirXML Log Event -------------------
Driver = \TREE\drivers\IDMdrivers\AD
Thread = Subscriber Channel
Object = \TREE\users\Active\BKP101 (CN=User 1 User,CN=Users,DC=bkp,DC=kk)
Level = error
Message = Unable to bind to Active Directory object for Exchange management LDAP://192.168.1.1/CN=User 1 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr -2147016662
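
The following is an added example, not part of the original document or of the driver: it scans trace text in the format shown above for bind attempts that pair an IP address in the LDAP:// path with secure (Negotiate) authentication, and converts the signed "hr" value to the hexadecimal form used in the error message. It assumes the "auth" field is the ADSI authentication flag mask in which bit 0x1 requests secure authentication; the second sample record (dc1.bkp.kk) is constructed.

```python
import ipaddress
import re

# Constructed sample: the first bind is copied from the trace above; the
# second (host dc1.bkp.kk, hr 0) is invented to show a passing case.
SAMPLE_TRACE = """\
DirXML: [11/18/06 06:01:06.96]: ADDriver: LDAP://192.168.1.1/CN=User 1 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr -2147016662
DirXML: [11/18/06 06:02:10.11]: ADDriver: LDAP://dc1.bkp.kk/CN=User 2 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr 0
"""

# A bind record spans two lines: the LDAP:// path, then the credential summary.
BIND_RE = re.compile(
    r"LDAP://(?P<host>[^/\s]+)/[^\n]*\n"
    r"user [^\n]*?auth (?P<auth>0x[0-9a-fA-F]+), hr (?P<hr>-?\d+)")

# Assumption: "auth" is the ADSI authentication flag mask, where bit 0x1
# (ADS_SECURE_AUTHENTICATION) requests Negotiate rather than a simple bind.
SECURE_AUTH = 0x1


def is_ip_literal(host):
    """True when the server part of the path is an IP address, not a DNS name."""
    if host.count(":") == 1:  # drop an optional :port suffix on IPv4/host names
        host = host.split(":")[0]
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def hresult_hex(hr):
    """Convert the signed decimal 'hr' value to the 0x... form in the error text."""
    return f"0x{hr & 0xFFFFFFFF:08x}"


def audit_binds(trace):
    """Return one finding per bind attempt found in the trace text."""
    findings = []
    for m in BIND_RE.finditer(trace):
        ip = is_ip_literal(m["host"])
        secure = bool(int(m["auth"], 16) & SECURE_AUTH)
        findings.append({"host": m["host"], "hresult": hresult_hex(int(m["hr"])),
                         "misconfigured": ip and secure})
    return findings


if __name__ == "__main__":
    for finding in audit_binds(SAMPLE_TRACE):
        print(finding)
```

A finding with "misconfigured" set to True corresponds to the situation in this document: the "Authentication context" holds an IP address while Negotiate is in use.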