Exchange 2007 provisioning: Active Directory error 0x8007052E

    General discussion

  • Hi,
    I enabled Exchange 2007 provisioning, and when I export users to AD the users are created, but I get ma-extension-error errors; looking at the event log I see errors like the following:

    There is an error in Exch2007Extension AfterExportEntryToCd() function when exporting an object with DN CN=dperon,OU=Users,OU=Organic Units,DC=itis,DC=com.
    Type: Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException
    Message: An Active Directory error 0x8007052E occurred while searching for domain controllers in domain itis.com: Logon failure: unknown user name or bad password.
    Stack Trace:    at Microsoft.Exchange.Configuration.Tasks.Task.ThrowTerminatingError(Exception exception, ErrorCategory category, Object target)
       at Microsoft.Exchange.Configuration.Tasks.Task.ProcessUnhandledException(Exception e)
       at Microsoft.Exchange.Configuration.Tasks.Task.BeginProcessing()
       at System.Management.Automation.Cmdlet.DoBeginProcessing()
       at System.Management.Automation.CommandProcessorBase.DoBegin()

    The users are created in AD and I can see them in the Exchange console as Mail Contact objects.

    Any hints? I could not find anything wrong with the account credentials used by the services.

    Thanks,
    Paolo

    Paolo Tedesco - http://cern.ch/idm
    Monday, January 04, 2010 5:50 PM

All replies

  • This error is usually due to a mismatch between the password stored in AD and the password stored in the AD MA. If that is not the case, make sure that the AD MA account is in the Exchange Recipient Administrators role.
    David Lundell www.ilmBestPractices.com
    Monday, January 04, 2010 10:04 PM
  • Hi David,
    thanks for your answer.

    The password of the administrative account used by the AD MA to read information and create new objects should be correct, since new users are created in AD. However, I tried to insert it again in the agent properties dialog, and also tried to refresh the agent's schema, but nothing changed.

    The Exchange extension should be running with the synchronization service account, right? I added the account to the Exchange Recipient Administrators security group, but nothing changed either.

    Are there any other possible causes of the error?

    Is there a guide for Exchange provisioning in the FIM documentation?

    Thanks,
    Paolo

    Paolo Tedesco - http://cern.ch/idm
    Tuesday, January 05, 2010 1:47 PM
  • Paolo,

    Did you provision the HomeMDB attribute?

    Greets,

    Stefan
    Wednesday, January 06, 2010 11:08 AM
  • Hi all,
    I tried the Universal Solution (tm): I re-installed the services and re-imported the configuration with the configuration migration tool, and now everything works as expected.
    I don't know what was wrong with the previous setup.
    The only possible source of problems I can see is that I had repeatedly restored old database backups to test something else. Did anyone experience something similar?

    Cheers,
    Paolo

    Paolo Tedesco - http://cern.ch/idm
    Wednesday, January 06, 2010 4:13 PM