Symantec IGA

 View Only
  • 1.  Connector Server AD Account Creation issue

    Posted Dec 13, 2016 01:31 AM

    EtaTrans Log:

    20161213:012300:TID=001184:Modify :D588:E579:F: FAILURE: DB Modify (eTGlobalUserName=<etaadmin>)
    20161213:012300:TID=001184:Modify :D588:E579:F: rc: 0x0014 (Type or value exists)
    20161213:012300:TID=001184:Modify :D588:E579:F: msg: DB Modify failed: Type or value exists (ldaps://<Prov Server>:20391)
    20161213:012300:TID=001184:Bind :E579:----:F: FAILURE: External Bind (eTGlobalUserName=<etaadmin>)
    20161213:012300:TID=001184:Bind :E579:----:F: rc: 0x0031 (Invalid credentials)
    20161213:012300:TID=001184:Bind :E579:----:F: msg: :ETA_E_0302<BGU>, Bind to provisioning server as '<etaadmin>' failed: Inval
    20161213:012300:TID=001184:Bind :E579:----:F:+id credentials or Global User is locked

     

    Prov Server Error:

    Account :ETA_E_0016<AAC>, Account for Global User 'a2e53f37-be07-4e6e-b66f-4fcf8787ea56' on Active Directory Endpoint 'AD-Test' creation failed: :ETA_E_0004<AAC>, Active Dir. Account 'jglass206' on 'AD-Test' creation failed: Connector Server Add failed: Constraint Violation (ldaps://ProvServer:20403) 

     

    Please advise



  • 2.  Re: Connector Server AD Account Creation issue

    Broadcom Employee
    Posted Dec 19, 2016 10:54 AM

    Seems like the credentials you are using are not valid.  Have you tested these credentials outside of the CA software?



  • 3.  Re: Connector Server AD Account Creation issue

    Broadcom Employee
    Posted Dec 19, 2016 03:02 PM

    I agree with Andrew. From this error message, possibly the global user is locked or the credentials are incorrect.

     

    Have you tried the credentials outside the CA software?

     

    Regards,

    Sagi



  • 4.  Re: Connector Server AD Account Creation issue

    Posted Dec 19, 2016 03:13 PM
      |   view attached

    Sagi,

     

    Yes, I did I used Apache Dir. Studio and I can able to connect via Prov. Server using 20389 & DSA root using 20391.

     

    But when I used CA Password manager utility to resync IM & ETA – complains about the Password stuff.

     

    Please advise

     

    Regards,

    Manjunath Mudigonda

    (551)208-5299 (M)



  • 5.  Re: Connector Server AD Account Creation issue

    Posted Dec 20, 2016 05:57 AM

    Please check if the account being created (jglass206) already exists in AD. The "Constraint Violation" error usually means an attempt to create an object that already exists, or an object that contains invalid data on one or more attributes. Check the account data also.

     

    Regards,

    Pioker



  • 6.  Re: Connector Server AD Account Creation issue
    Best Answer

    Broadcom Employee
    Posted Dec 21, 2016 06:21 AM

    Found also that you have a support case to this (found having #00627568/00627968) same problem.