
Unable to add users manually to a provisioning group

roaryT
Level 4

I have a strange issue where I cannot add individual users to a prov group and get the task to complete.  I am getting event id 41129

The Exchange mailbox provisioning task failed to read required information from Active Directory. The task has stopped. Ensure that the Active Directory server is operational and the account the task is using to log on has read access to the required objects. Then run the task again.

Task: Exchange Provisioning Task for domain.com

Domain: domain.com

Provisioning group: Test Group

Group member: domain\username

AD server: GC://10.0.0.1

 

I can run a prov task if the whole org is added and not just the above test group with two users manually added.

All the info I can find in relation to this error suggests deleting the users from the prov group to enable it to progress; however, in this case there are only two users and they need to be provisioned to this group.

 

Errors from Dtrace;

{ExchangePolicySynchronization.HandleFatalException} Fatal exception raised while processing provisioning group [Test Group] / [domain\username] - Unable to get AD path for SID [S-1-5-21-2281559424-4145653854-1186780546-3898] - HRESULT [80070057]. Stack trace:    at KVS.EnterpriseVault.ExchangePolicySync.ExchangePolicySynchronization.GetADObjectFromSID(String objSID)|   at KVS.EnterpriseVault.ExchangePolicySync.ExchangePolicySynchronization.ProcessUser(PolicyTargetInfo targetInfo, Boolean& bMbxsReturned)|   at KVS.EnterpriseVault.ExchangePolicySync.ExchangePolicySynchronization.RunSynchronization(ExchangePolicySyncTaskEntry taskEntry, CheckControlEventsDelegate checkControlEvents, Boolean reportMode)
224 13:47:50.050  [7060] (EvExchangePolicySyncTask) <344> EV~E |Event ID: 41129 The Exchange mailbox provisioning task failed to read required information from Active Directory. The task has stopped. Ensure that the Active Directory server is operational and the account the task is using to log on has read access to the required objects. Then run the task again.|Task: Exchange Provisioning Task for domain.com|Domain: domain.com|Provisioning group: Test Group|Group member: domain\username|AD server: GC://10.0.0.1|Error: Unable to get AD path for SID  

Any advice appreciated.

Thanks, 
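An added example (not from the original post or from Enterprise Vault itself) that parses the Dtrace line quoted above, splits the SID into domain SID and RID, and decodes the HRESULT into facility and Win32 code. The function names and the two-entry Win32 code table are choices made for this example.

```python
import re

# Sample input: the Dtrace line quoted in the post above, stack trace trimmed.
SAMPLE = (
    r"{ExchangePolicySynchronization.HandleFatalException} Fatal exception raised while "
    r"processing provisioning group [Test Group] / [domain\username] - Unable to get AD "
    r"path for SID [S-1-5-21-2281559424-4145653854-1186780546-3898] - HRESULT [80070057]."
)

LINE_RE = re.compile(
    r"provisioning group \[(?P<group>[^\]]+)\] / \[(?P<member>[^\]]+)\] - "
    r"Unable to get AD path for SID \[(?P<sid>S-1-[\d-]+)\] - HRESULT \[(?P<hr>[0-9A-Fa-f]{8})\]"
)

# Subset of Win32 error codes (winerror.h) useful for telling a permission
# failure apart from a bad-argument failure.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 87: "ERROR_INVALID_PARAMETER"}
FACILITY_WIN32 = 7

def decode_hresult(hex_text):
    """Split an HRESULT into severity bit, facility and code."""
    value = int(hex_text, 16)
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    name = WIN32_NAMES.get(code, "unknown") if facility == FACILITY_WIN32 else "unknown"
    return {"failed": bool(value >> 31), "facility": facility, "code": code, "name": name}

def split_sid(sid):
    """Return (domain SID, RID) for an S-1-5-21-... account SID."""
    domain_sid, _, rid = sid.rpartition("-")
    if not domain_sid.startswith("S-1-5-21-") or domain_sid.count("-") != 6:
        raise ValueError("not a domain account SID: " + sid)
    return domain_sid, int(rid)

def triage(line):
    """Extract the failing member, its SID parts and the decoded HRESULT, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    domain_sid, rid = split_sid(m.group("sid"))
    return {"group": m.group("group"), "member": m.group("member"),
            "domain_sid": domain_sid, "rid": rid, "hresult": decode_hresult(m.group("hr"))}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The returned domain SID can be compared with the SIDs of the root and child domains to see which domain the failing member's SID belongs to.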


GertjanA
Moderator
Partner    VIP    Accredited Certified

Hi,

Sounds like a permission issue to me. Also, the error seems to indicate this:

The Exchange mailbox provisioning task failed to read required information from Active Directory. The task has stopped. Ensure that the Active Directory server is operational and the account the task is using to log on has read access to the required objects. Then run the task again.|

I suggest re-verifying the prerequisites for the Vault Service Account!

Verify that it is not a member of ANY group, to exclude possible denies on objects.

Regards. Gertjan

RahulG
Level 6
Employee

Sometimes the PST Migration retains a mailbox that was disabled in AD but is still recorded in SQL as enabled for archiving. If that is the case:

1) Change the problem mailbox status in SQL to MbxArchivingState = 2 (DISABLED)
2) Remove the problem mailbox from the provisioning group listed in the Event ID: 41129 description

You can refer to this SQL query:

USE EnterpriseVaultDirectory
SELECT * FROM exchangemailboxentry WHERE MbxDisplayName = 'Test'

which found that MbxExchangeState = 1 and MbxArchivingState = 1.

You need to change the MbxArchivingState to 2:

USE EnterpriseVaultDirectory
UPDATE exchangemailboxentry SET MbxArchivingState = '2' WHERE MbxDisplayName = 'Test'

 

roaryT
Level 4

Thanks Gertjan, however I can confirm the VSA is only a member of Users and all other permissions are OK. I would have thought that if it was permissions it would also fail when the whole Exchange org is the target, but it doesn't, just when I specify individual users.

I thought it may be due to the root domain and not having access, but I have confirmed the VSA has read access to the root domain. All mailboxes, including the VSA's, are in the child domain.

Deployment scanner is all good.

The mailbox task is running fine.

Any other ideas?

Thanks,

JesusWept3
Level 6
Partner Accredited Certified

Which version of EV are you on? It reminds me of that stupid multiple SELF issue, but that issue has long since been resolved, I think.

https://www.linkedin.com/in/alex-allen-turl-07370146

roaryT
Level 4

It's EV8 SP5 on Win 2003 SP2 and Exch 2003 SP2.

GertjanA
Moderator
Partner    VIP    Accredited Certified

I'm not sure only read is enough.

Can you grant read/write (modify), and try again?

Regards. Gertjan

roaryT
Level 4

Hi,

Afraid I have tried giving it full control to the root domain but this has not helped.

Can confirm if I provision the same users as part of their OU it works fine and they archive ok.

The issue is only when you run the task against a group where the scope is individual users. Quite odd really.

Note that the domain is 2003 and the forest is 2000 and all DCs are 2003, though raising the forest I suspect is not the answer? And I wouldn't want to suggest this if not.