Layer 7 Identity Management

Expand all | Collapse all

MS Exchange 2013 agentless

Jump to Best Answer
  • 1.  MS Exchange 2013 agentless

    Posted 07-26-2015 04:39 PM

    Hello,

    We are trying to configure agentless connection with MS Exchange 2013, but when we try to create the mailbox we get an error:

     

    LDAP: error code 70 - CAFT Error : No remote CAFT server running. CAFT Timeout : 1800

     

    It is strange that error is related to CAFT because we run in agentless mode.

    Any suggestions how to overcome this?

     

    Thanks



  • 2.  Re: MS Exchange 2013 agentless

    Posted 07-28-2015 02:33 PM

    Hello,

     

    Please, confirm  version are you using?

     

    Already saw this problem for version 12.6 sp3 in the but fixed.

     

    https://support.ca.com/cadocs/0/CA%20Identity%20Suite%2012%206%204-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?2116253.html?zoom_highlightsub=agentless

     

    Regards

     

    Thanks



  • 3.  Re: MS Exchange 2013 agentless

    Posted 07-28-2015 02:55 PM

    Hello,

     

    Our version is 12.6.5. Anyway I will point this to CA support maybe, this fix was not ported from SP4

     

    Thank You



  • 4.  Re: MS Exchange 2013 agentless

    Posted 07-29-2015 12:33 AM

    Hi Guits,

     

    We had seen similar problems before and which were occurred because of “LDAP_REFFERAL” problem(we can see it if Active Directory have partitions generally. It's same https://support.ca.com/cadocs/0/CA%20Identity%20Suite%2012%206%204-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?2116253.html?zoom_highlightsub=agentless). This issue is addressed in IM12.5sp17 and IM12.6sp3 onwards.

     

    The fix is available in IM12.6sp5 also. So, Can you please confirm what version of .NET is running in C++ connetor machine and what is value of  “ADS_AGENTLESS_MODE” environment variable.
    Besides, is this problem occurring with EXCHG2013 only? or are you seeing same problem with EXHG2010 also?


    Thanks & Regards,

    Sudheer Kumar



  • 5.  Re: MS Exchange 2013 agentless

    Posted 07-29-2015 02:18 AM

    Hi,

     

    I am from the same site as Gutis.

     

    .Net versions 2.0, 3.0, 3.5, 4.0 installed.

    ADS_AGENTLESS_MODE=1.

    We have EXCHG2013 only in this implementation.

     

    Regards,

    Andrej



  • 6.  Re: MS Exchange 2013 agentless

    Posted 07-29-2015 11:16 AM

    We have not attempted Exchange 2013 yet, but perhaps our configuration for Exchange 2010 will help.

     

    Ensure that your CA IM Connector Server is installed on a server in the same AD forest as your Exchange server.

    Ensure that you have the Exchange Management Tools installed. It's a good idea to try creating a mailbox manually through the Exchange Management Console before trying it through CA IM.  Use the instructions included in the CA Wiki to run a test Powershell command against the Exchange Server to confirm that you can communicate and authenticate.

     

    Environment Variables

    ADS_AGENTLESS_AUTHMETHOD=2

    ADS_AGENTLESS_LOGLEVEL=3

    ADS_AGENTLESS_MAXCONN=5

    ADS_AGENTLESS_MODE=1

     

    Endpoint

    Create your AD endpoint.  Ensure that the credentials you use in the endpoint configuration have authority to read the schema in AD.  (Organizations with highly distributed support roles and responsibilities often lock down portions of the schema, which can cause problems.)  Once you have your endpoint configured, perform an Explore so the CA IM Provisioning Directory can discover the Exchange Server attributes in AD.  Consider using Provisioning Manager to attempt a manual mailbox create so you can confirm your connectivity to the Exchange Server.  Create / update your AD Account Template so it includes the Exchange attributes you desire, then attempt to apply that template to a user.



  • 7.  Re: MS Exchange 2013 agentless
    Best Answer

    Posted 08-10-2015 09:46 AM

    Ok the problem was with environment variables, they where defined in user context, recreated them as system environment variables, and now all works fine.