Environment
Novell Identity Manager Driver - Active Directory Driver
Novell Identity Manager Identity Manager 3.0
Situation
Unable to provision Exchange account
ERROR: ADDriver: bind failed 0x8007202a
ERROR: Unable to bind via ADSI -- ADSI error 0x8007202a -- The authentication mechanism is unknown.
ERROR: Unable to bind to Active Directory object for Exchange management
Active Directory users are created when an account is created in the Identity Vault; however, the Exchange accounts are not provisioned. The Negotiate authentication method and CDOEXM are being used. The Authentication context is set to the IP address of the domain controller.
Resolution
Instead of the IP address, the DNS host name of the domain controller needs to be specified in the "Authentication context" parameter for the driver. An IP address should only be used with Simple authentication.
Replacing the IP address with the host name of the domain controller solved the issue. To find the correct host name, open "Active Directory Users and Computers" on the Windows controller, browse to "Domain Controllers" in the domain and select the domain controller. Use the value in the "DNS Name" field.
Additional Information
Part of the trace which shows the problem should look like this:
DirXML: [11/18/06 06:01:06.37]: ADDriver: change password: old=(none), new=***
DirXML: [11/18/06 06:01:06.79]: ADDriver: password change complete
DirXML: [11/18/06 06:01:06.82]: ADDriver: set userAccountControl returns 0x0000
DirXML: [11/18/06 06:01:06.82]: ADDriver: Exchange: begin provision exchange account
DirXML: [11/18/06 06:01:06.82]: ADDriver: CDOEXM: Bind to CN=User 1 User,CN=Users,DC=bkp,DC=kk
DirXML: [11/18/06 06:01:06.96]: ADDriver: LDAP://192.168.1.1/CN=User 1 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr -2147016662
DirXML: [11/18/06 06:01:06.96]: ADDriver: bind failed 0x8007202a
DirXML: [11/18/06 06:01:06.96]: Loader: subscriptionShim->execute() returned:
DirXML: [11/18/06 06:01:06.96]: Loader: XML Document:
DirXML: [11/18/06 06:01:06.96]:
DirXML: [11/18/06 06:01:06.96]:
DirXML Log Event -------------------
Driver = \TREE\drivers\IDMdrivers\AD
Thread = Subscriber Channel
Object = \TREE\users\Active\BKP101 (CN=User 1 User,CN=Users,DC=bkp,DC=kk)
Level = error
Message = Unable to bind to Active Directory object for Exchange management LDAP://192.168.1.1/CN=User 1 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr -2147016662
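The check below is an added example, not part of the original article or the driver. It scans a DirXML trace for failed binds where the LDAP URL host is an IP literal and the secure-authentication flag is set, and shows that the signed `hr` value in the trace is the same code as the hex bind error. The second bind in the sample, the host name `dc1.bkp.kk`, the `hr 0` success line and the function names are constructed; reading bit 0x1 of the logged `auth` value as the ADSI ADS_SECURE_AUTHENTICATION flag is an assumption.

```python
import ipaddress
import re

# ADSI ADS_SECURE_AUTHENTICATION flag; assumed to be what bit 0x1 of the logged "auth" means.
ADS_SECURE_AUTHENTICATION = 0x1

# Constructed sample: first bind copied from the article's trace, second bind is hypothetical.
SAMPLE_TRACE = """\
DirXML: [11/18/06 06:01:06.82]: ADDriver: CDOEXM: Bind to CN=User 1 User,CN=Users,DC=bkp,DC=kk
DirXML: [11/18/06 06:01:06.96]: ADDriver: LDAP://192.168.1.1/CN=User 1 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr -2147016662
DirXML: [11/18/06 06:01:06.96]: ADDriver: bind failed 0x8007202a
DirXML: [11/18/06 06:01:07.10]: ADDriver: LDAP://dc1.bkp.kk/CN=User 2 User,CN=Users,DC=bkp,DC=kk
user Administrator, domain BKP, password ***, auth 0x0201, hr 0
"""

BIND_RE = re.compile(r"ADDriver: LDAP://([^/\s]+)/(.*)$")
RESULT_RE = re.compile(r"auth (0x[0-9a-fA-F]+), hr (-?\d+)")


def is_ip_literal(host):
    """True if the LDAP URL host is an IP address (optional :port) rather than a DNS name."""
    if host.count(":") == 1:  # IPv4 address or DNS name followed by :port
        host = host.split(":")[0]
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def find_ip_negotiate_binds(trace):
    """Return failed binds that used secure authentication against an IP-literal host."""
    findings, pending = [], None
    for line in trace.splitlines():
        bind = BIND_RE.search(line)
        if bind:
            pending = bind.groups()  # (host, distinguished name) of the bind attempt
            continue
        result = RESULT_RE.search(line)
        if result and pending:
            (host, dn), pending = pending, None
            auth = int(result.group(1), 16)
            hresult = int(result.group(2)) & 0xFFFFFFFF  # signed decimal -> unsigned HRESULT
            if hresult and is_ip_literal(host) and auth & ADS_SECURE_AUTHENTICATION:
                findings.append({"host": host, "dn": dn, "hresult": f"0x{hresult:08x}"})
    return findings


if __name__ == "__main__":
    for finding in find_ip_negotiate_binds(SAMPLE_TRACE):
        print(finding)
```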