Symantec IGA


Provisioning issue

  • 1.  Provisioning issue

    Posted Feb 04, 2014 08:58 AM

    Hi,

    When I create a user in the IDM server with a provisioning role, the user is created on the IDM server and also on the endpoint (AD). But it shows a failed status with the error message below:
     
    2014-02-04 08:04:01,309 ERROR [im.provisioning] (WorkManager(2)-42) javax.naming.NamingException: [LDAP: error code 1 - :ETA_E_0071<SGU>, Global User '***' synchronization for additions with existing provisioning roles failed: (accounts created: 0, updated: 0, re-created: 0, failures: 1) ]; remaining name 'eTGlobalUserName=XXXX,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta'
    2014-02-04 08:04:01,309 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (WorkManager(2)-42) Execution of event: IMTaskEvent failed.  Exception encountered: Synchronization of User with Provisioning Roles failed, see task events for details
    2014-02-04 08:04:01,310 ERROR [ims.tmt.IMSMessageListener] (WorkManager(2)-42) Exception Occured during event processing. 
    EventExecuteStateException: Failed to execute IMTaskEvent.
     
    Thanks,
     


  • 2.  RE: Provisioning issue

    Posted Feb 04, 2014 11:12 AM

    Do you get the same error if you modify some fields of this user?

    Do you have Exchange? Is the mailbox created?

     

     



  • 3.  RE: Provisioning issue

    Posted Jun 25, 2019 08:04 AM
    Hello,

    I have been facing LDAP error code 1 during sync in recent days for many tasks which were working perfectly earlier. Any idea what could have caused the issue?

    Product: CA Identity Manager 14.2
    Error: Failed to execute SynchronizeAttributesWithAccountsEvent. ERROR MESSAGE: [LDAP: error code 1 - :ETA_E_0007<MGU>, Global User 'XXXX' modification failed: Attribute 'Default account name (User ID)' is required. It may not be cleared. ]

    Regards,
    Brijit.


  • 4.  RE: Provisioning issue

    Posted Jun 25, 2019 08:15 AM
    Adding to the above - User ID attribute is not updated, only name and country updated in the modify user profile task.

    Regards,
    Brijit.


  • 5.  RE: Provisioning issue

    Posted Nov 06, 2019 07:52 AM
    Please enable "Synchronization on every event with accounts" in the task with which you are facing the issue. This will resolve the issue. But it may lead to a performance issue, as synchronization will happen to the account on every event.


  • 6.  Re: [CA IdentityMinder (formerly CA Identity Manager) General Discussion] P

    Posted Feb 04, 2014 01:38 PM
    You need to check the provisioning server log in order to have more information about the problem.
    It seems that the problem is related to the assignation of the role, so you can force the problem again and check the error message. For that, go to the Provisioning Manager, search for the global user, right-click on the user and select "synchronize user with roles". You will receive an error message, and in the bottom section of the window you will see the error with more details. Copy the content of the error...



  • 7.  RE: Re: [CA IdentityMinder (formerly CA Identity Manager) General Discussio

    Posted Feb 04, 2014 10:37 PM

    Hi Marin,

    Thanks for your reply.

    I have the issues below:

    1. I am getting the same error message even if I try to synchronize the role using prv mgr

    Global User 'superuser_01' synchronization for additions with existing provisioning roles failed: (accounts created: 0, updated: 0, re-created: 0, failures: 1) [Number of detail item(s): 1]

    2. The user is getting created in the provisioning directory (I have verified this using Provisioning Manager)

    3. The other user, logged into the Windows machine and using the same IDM server credentials, is able to create the user successfully. But it is failing with my Windows user credentials.

    Thanks,



  • 8.  Re: [CA IdentityMinder (formerly CA Identity Manager) General Discussion] R

    Posted Feb 05, 2014 07:46 AM
    That is right. The message is the same in the bottom part of the window, but there is an icon next to the message that opens a small window with more details about that failed message.



  • 10.  RE: Re: [CA IdentityMinder (formerly CA Identity Manager) General Discussio

    Posted Feb 06, 2014 04:32 AM

    Hi,

    If I use Explore and Correlate and Reverse Sync, then I can achieve sync of created/modified accounts.

    How do I handle deleted accounts on the endpoint? That is, if I delete an account on the endpoint, how is that account deleted on the IDM server?

     

    Thanks,



  • 11.  Re: Provisioning issue

    Posted Jan 13, 2015 08:26 PM

    Maybe I can jump in, as I am experiencing the same issue in our training environment. The details of the error from the Provisioning Manager are: "Error:  Failure:  Create Account :ETA_E_0083<MAC>, Account for Global User 'testuser02' on Active Directory Endpoint 'Forward-ADS' update failed: Existing account 'Test User02' has not previously been correlated to this global user"

     

    I also see that the user IS created on the Active Directory endpoint, but it looks like IdM doesn't think so. I also noticed when I tried Role Synchronization, IdM says the account is missing on AD. So it looks like, although IdM created the account on the AD endpoint and the ldap, that they are not correlated? Is that possible? And now that I look at this picture, I see the Expected Accounts Account Name = testuser02 (sAMAccountName) while the Missing Accounts Account Name = Test User02 (commonname) - is that why it cannot correlate? Thanks!
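
An added example, not part of any post in this thread and not CA/Symantec code: a small Python parser that pulls the ETA_E code, the tag in angle brackets, the Global User name and the account counters out of the three error shapes quoted in this thread, so repeated failures in a log can be grouped by code. The sample lines are constructed from the thread's messages; the user names `jdoe` and `asmith` and the timestamp and logger prefix on the second line are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the messages quoted in this thread.
SAMPLE_LOG = """\
2014-02-04 08:04:01,309 ERROR [im.provisioning] (WorkManager(2)-42) javax.naming.NamingException: [LDAP: error code 1 - :ETA_E_0071<SGU>, Global User 'jdoe' synchronization for additions with existing provisioning roles failed: (accounts created: 0, updated: 0, re-created: 0, failures: 1) ]; remaining name 'eTGlobalUserName=jdoe,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta'
2019-06-25 08:04:00,000 ERROR [im.provisioning] (WorkManager(2)-7) [LDAP: error code 1 - :ETA_E_0007<MGU>, Global User 'asmith' modification failed: Attribute 'Default account name (User ID)' is required. It may not be cleared. ]
Error:  Failure:  Create Account :ETA_E_0083<MAC>, Account for Global User 'testuser02' on Active Directory Endpoint 'Forward-ADS' update failed: Existing account 'Test User02' has not previously been correlated to this global user
2014-02-04 08:04:01,310 ERROR [ims.tmt.IMSMessageListener] (WorkManager(2)-42) Exception Occured during event processing.
"""

# ":ETA_E_nnnn<TAG>, text" -- the tag's meaning is not documented on this page.
ETA_RE = re.compile(r":(?P<code>ETA_E_\d{4})<(?P<tag>[A-Z]+)>,\s*(?P<text>.*)")
LDAP_RE = re.compile(r"LDAP: error code (?P<rc>\d+)")
USER_RE = re.compile(r"Global User '(?P<user>[^']*)'")
COUNTS_RE = re.compile(
    r"\(accounts created: (\d+), updated: (\d+), re-created: (\d+), failures: (\d+)\)")
COUNT_KEYS = ("created", "updated", "re_created", "failures")

def parse_line(line):
    """Return a dict for a line carrying an ETA_E_* error, else None."""
    m = ETA_RE.search(line)
    if m is None:
        return None
    # Drop the JNDI trailer ("]; remaining name '...'") and the closing bracket.
    detail = m.group("text").split("]; remaining name", 1)[0].rstrip(" ]")
    ldap = LDAP_RE.search(line)
    user = USER_RE.search(detail)
    counts = COUNTS_RE.search(detail)
    return {
        "code": m.group("code"),
        "tag": m.group("tag"),
        "ldap_rc": int(ldap.group("rc")) if ldap else None,
        "user": user.group("user") if user else None,
        "counts": dict(zip(COUNT_KEYS, map(int, counts.groups()))) if counts else None,
        "detail": detail,
    }

def summarize(log_text):
    """Parse every line and count occurrences per ETA_E code."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return events, Counter(e["code"] for e in events)

if __name__ == "__main__":
    events, by_code = summarize(SAMPLE_LOG)
    for e in events:
        print(e["code"], e["tag"], e["user"], e["counts"] or e["detail"])
    print(dict(by_code))
```
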



  • 12.  Re: Provisioning issue

    Posted Jan 26, 2015 01:55 PM

    I am working with obrpa06, we are still looking for a solution to this issue.  A bit of history here.  Our environment is in Education where we use VMware ESX where everything worked properly.  We migrated the images to a new ESX environment and applied new VMware Tools.  We have this issue in the new environment.  Thinking there could be a problem caused by the updated VMware Tools, we re-installed both IDM and the Provisioning Server with no success.  We are open to suggestions on a remedy to this issue.