04-16-2012 04:34 PM
Hi all,
I recently was involved in troubleshooting an access issue for a client. We managed to work out what was going on and I thought I'd share.
Users were unable to access their vaulted items. If they attempted to do so, they would be prompted for credentials.
To try to get to a root cause, I checked the user's Provisining Group membership from "Display Policies Assigned to Mailboxes". This was showing that the user did not have a provisining group assignment. The group membership list for the user was long and his membership list was even longer so I explicitly added him as a user and ran the task again. Still no good!
My next step was to add a new group with a higher rank and then add him in. When I ran the provioning task this time it added him into the new group. I checked the event log and noticed the following error from the provisioning task run:
The Exchange mailbox provisioning task failed to read required information from Active Directory. The task has stopped. Ensure that the Active Directory server is operational and the account the task is using to log on has read access to the required objects. Then run the task again.
Task: Exchange Provisioning Task for foo.bar
Domain: foo.bar
Provisioning group: foo.bar group
Group member: OU=Some OU,DC=foo,DC=bar
AD server: GC://gc.foo.bar
Error: Failed to read required properties from AD 'OU' object [GC://gc.foo.bar/OU=Some OU,DC=foo,DC=bar] - There is no such object on the server.
For more information, see Help and Support Center at http://evevent.symantec.com/rosetta/showevent.asp?EvtID=41129d
Aha! My client had recently done some AD renovating and the provisioning task was failing when it encountered OUs in its list that no longer existed. Removing these objects resolved the issue.
I hope this helps somebody!
Cheers
Ben
04-17-2012 03:01 AM
Thanks for sharing. There is a TN out there that I will get updated.http://www.symantec.com/docs/TECH56304
04-18-2012 07:05 AM
Ben
What version of EV were you seeing this on? We've tried to repro it internally, using EV9SP3 but was unsuccessful.
Steps taken:-
1) Create a Provisioning Group with 1 OU in it.
2) Provision the users.
3) Create a new OU and add that to the PG.
4) Provision the users.
5) Delete the OU in AD.
6) Run Provisioning, no errors.
04-30-2012 10:16 PM
Thanks Mark. It was EV 10 but the client has been running EV since 7.5. The issue was present when they were running 8.