8 Replies Latest reply on Dec 5, 2013 5:32 PM by user13680598

    Exchange connector

    989437

      Hi Experts,

       

      I am new to ICF connector and trying to configure exchange connector in OIM 11gR2. AD connector is already installed and working fine. Below are the steps I followed to install exchange connector:

       

      1. Installed exchange connector and created IT resource

      2. Installed connector server and created IT resource for it.

      3. Now trying to provision exchange resource to the user through direct provisioning. This user already have AD account provisioned. I had provided user name , alias name as email id and recipient type details in a process form. The provisioning of exchange has got failed. I checked in resource history and found that create user process task has got rejected with response as error and response description as "Create Object failed". Below is the error found in Connector server logs:

      0/9/2013 11:31:05 PM  <VERBOSE>: Class-> ADExchangeConnectorSchema, Method -> GetSchemaAttributeInfos, Message -> Exiting the method

      10/9/2013 11:31:05 PM  <VERBOSE>: Class-> ADExchangeConnectorSchema, Method -> GetObjectClassInfo, Message -> Exiting the method

      10/9/2013 11:31:05 PM  <INFORMATION>: Class-> Org.IdentityConnectors.Exchange.LocalRunspacePowershellImpl, Method -> getReqdUserInfoFromTarget, Message -> Method Entered

      10/9/2013 11:31:05 PM  <WARNING>: Class-> Org.IdentityConnectors.Exchange.LocalRunspacePowershellImpl, Method -> getReqdUserInfoFromTarget, Message -> User information pdevtest72 provided cannot be converted to GUID Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).. User would be searched for UPN or DN

      10/9/2013 11:31:05 PM  <INFORMATION>: Class-> PowerShellExchangeServiceImpl, Method -> InvokePipeline, Message -> Method Entered

      10/9/2013 11:31:05 PM  <INFORMATION>: Class-> PowerShellExchangeServiceImpl, Method -> InvokePipeline, Message -> PowerShell Command: Get-User

      10/9/2013 11:31:05 PM  <INFORMATION>: Class-> PowerShellExchangeServiceImpl, Method -> InvokePipeline, Message -> Parameter: filter Value:UserPrincipalName -eq 'pdevtest72' -or DistinguishedName -eq 'pdevtest72'

      10/9/2013 11:31:05 PM  <INFORMATION>: Class-> PowerShellExchangeServiceImpl, Method -> InvokePipeline, Message -> Parameter: ReadFromDomainController Value:

      10/9/2013 11:31:05 PM  <INFORMATION>: Class-> PowerShellExchangeServiceImpl, Method -> InvokePipeline, Message -> Parameter: IgnoreDefaultScope Value:

      10/9/2013 11:31:05 PM  <VERBOSE>: Class-> Org.IdentityConnectors.Exchange.LocalRunspaceInstance, Method -> InvokePipeline, Message -> Entering the method

      10/9/2013 11:31:05 PM  <VERBOSE>: Class-> Org.IdentityConnectors.Exchange.LocalRunspaceInstance, Method -> InvokePipeline, Message -> Created a pipeline System.Management.Automation.Runspaces.LocalPipeline

      10/9/2013 11:31:05 PM  <INFORMATION>: Class-> PowerShellExchangeServiceImpl, Method -> InvokePipeline, Message -> Exiting the method

      10/9/2013 11:31:05 PM  <WARNING>: Class-> Org.IdentityConnectors.Exchange.LocalRunspacePowershellImpl, Method -> getReqdUserInfoFromTarget, Message -> Could not find user pdevtest72

      ConnectorServer.exe Error: 0 : System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

         at System.ThrowHelper.ThrowKeyNotFoundException()

         at System.Collections.Generic.Dictionary`2.get_Item(TKey key)

         at Org.IdentityConnectors.Exchange.LocalRunspacePowershellImpl.Create(ObjectClass oclass, ICollection`1 createAttrs, OperationOptions options)

         at Org.IdentityConnectors.Exchange.ExchangeConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options)

         at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388

         at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244

         at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )

         at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609

       

      Please help me in configuring it.

        • 1. Re: Exchange connector
          958133

          Did you prepopulated User Logon name, it shouldbe same as principal name of AD and is mandatory

          • 2. Re: Exchange connector
            989437

            Hi,

             

            The above solution has changed the error. Now I could see the below error in connector server log where USFCIADC02.am.sony.com is a DomainController.

             

            10/10/2013 1:25:16 AM  <VERBOSE>: Class-> Org.IdentityConnectors.Exchange.LocalRunspaceInstance, Method -> InvokePipeline, Message -> Created a pipeline System.Management.Automation.Runspaces.LocalPipeline

            ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Problem while PowerShell execution Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Active Directory operation failed on USFCIADC02.am.sony.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

            Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

               at Org.IdentityConnectors.Exchange.RunSpaceInstance.CheckErrors(IList errors)

            • 3. Re: Exchange connector
              958133

              The user by which you are trying to connect to the connector server on which EMC is deployed do not have full privilidges it seems.

              The user should be part of administrators group. Please check this out.

              • 4. Re: Exchange connector
                989437

                Thanks for the response. Client has provided 3 databases which has privileges. Now I could not see privilege issue but still issue is not completely resolved. I am still getting the below error:

                 

                10/10/2013 3:09:59 AM  <VERBOSE>: Class-> Org.IdentityConnectors.Exchange.LocalRunspaceInstance, Method -> InvokePipeline, Message -> Created a pipeline System.Management.Automation.Runspaces.LocalPipeline

                ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Problem while PowerShell execution Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: No provisioning handler is installed.

                 

                 

                   at Org.IdentityConnectors.Exchange.RunSpaceInstance.CheckErrors(IList errors)

                   at Org.IdentityConnectors.Exchange.LocalRunspaceInstance.InvokePipeline(Collection`1 commands)

                   at Org.IdentityConnectors.Exchange.Service.AbstractPowerShellService.InvokePipeline(Command cmd)

                   at Org.IdentityConnectors.Exchange.Service.AbstractPowerShellService.InvokePipeline(Command cmd)

                   at Org.IdentityConnectors.Exchange.LocalRunspacePowershellImpl.Create(ObjectClass oclass, ICollection`1 createAttrs, OperationOptions options)

                • 5. Re: Exchange connector
                  958133

                  please check if you are direcly able to create a mailbox using EMC form connector server.. If  not then again user is having lesser privs.     

                  • 6. Re: Exchange connector
                    989437

                    Hi,

                     

                    Now client has provided permissions to the service account and able to create user in exchange through emc and powershell script. But I am still facing issue while provisioning exchange from OIM. I am seeing below errors. Please help me in finding the solution of it. These error keep switching though I am providing the same parameters in process form.

                     

                    1) Org.IdentityConnectors.Exchange.RemoteRunspaceInstance Method -> CheckForErrors, Message -> Error Occurred while executing powershell command The operation couldn't be performed because object 'pdevtest910@am.sony.com' couldn't be found on 'servername@domain name'.

                    ConnectorServer.exe Error: 0 : System.Management.Automation.RemoteException: The operation couldn't be performed because object 'pdevtest910@domain name' couldn't be found on 'servername@domain name'.

                     

                     

                    2) Error while creating UserMailbox for User pdevtest908@domain name. Message is Problem while PowerShell execution System.Management.Automation.RemoteException: This task does not support recipients of this type. The specified recipient OU/devtest908,pfname is of type UserMailbox. Please make sure that this recipient matches the required recipient type for this task.

                     

                     

                    For the second error I have also tried to change the recipient type to mailUser but error remains the same.

                    • 7. Re: Exchange connector
                      989437

                      Hi Experts,

                       

                      I need your help on one of the recent issue I have noticed in exchange connector. I was working fine but all off the sudden I am seeing the below error and unable to provision user to exchange. I have copied the stack trace of it. Please have a look and let me know if any one else has faced the same error.

                       

                      [2013-12-03T20:50:54.568-08:00] [wls_oim1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '22' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000KAvwS2VAxG3FrnaeK21I_X^T0003ig,0] [APP: oim#11.1.2.0.0] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[

                      java.lang.RuntimeException: Object reference not set to an instance of an object.

                              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:283)

                              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:282)

                              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)

                              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)

                              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)

                              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:417)

                              at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:155)

                              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)

                              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)

                              at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:153)

                              at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101)

                              at $Proxy488.create(Unknown Source)

                              at sun.reflect.GeneratedMethodAccessor5206.invoke(Unknown Source)

                              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                              at java.lang.reflect.Method.invoke(Method.java:597)

                              at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:107)

                              at $Proxy488.create(Unknown Source)

                              at sun.reflect.GeneratedMethodAccessor5206.invoke(Unknown Source)

                              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                              at java.lang.reflect.Method.invoke(Method.java:597)

                              at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:76)

                              at $Proxy488.create(Unknown Source)

                              at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.create(AbstractConnectorFacade.java:123)

                              at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:276)

                              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

                              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                              at java.lang.reflect.Method.invoke(Method.java:597)

                              at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpEXCHANGECREATEUSER.EXCHANGECREATEUSER(adpEXCHANGECREATEUSER.java:109)

                              at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpEXCHANGECREATEUSER.implementation(adpEXCHANGECREATEUSER.java:54)

                              at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)

                              at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)

                              at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:3148)

                              at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:716)

                              at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)

                              at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)

                              at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:847)

                              at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1162)

                              at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:794)

                              at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:175)

                              at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:235)

                              at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)

                              at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)

                              at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2910)

                              at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:3008)

                      • 8. Re: Exchange connector
                        user13680598

                        Here you need to verify input to create mailbox task on exchange PD.

                        Even  you can see these failed task from OPEN TASKS option from admin console.

                        for user are you testing..exchange provisioning that user is provisioned to AD right?