ambiguous-update |
The management agent cannot fulfill an update or delete request because the anchor is incorrectly configured or not unique. This error is returned by Microsoft SQL Server and Oracle management agents. If you encounter this error, check the anchor construction rules to ensure that each object has a unique anchor value. |
anchor-too-long |
An attempt is made to construct an anchor that exceeded the maximum size limit for Forefront Identity Manager Synchronization Service (FIM Synchronization Service). This error is returned by database management agents, file management agents, or the iPlanet 4.0 management agent. |
cd-error |
An error can occur while you are trying to communicate with a connected data source, but there is no specialized error type for this error. This error is accompanied by a <cd-error> element, which contains information that should aid in troubleshooting the cause of the error. |
cd-existing-object |
A request to add an object is exported to the connected data source, but the object is already present in the connected data source. This error is returned by call-based management agents, except for relational database management agents. It is never returned by file management agents. |
cd-missing-object |
A request to modify an object is exported to the connected data source, but the object cannot be found in the connected data source. This error is returned by call-based management agents, but never by file management agents. The likely cause of this error is that some person or external process has deleted the object from the connected data source outside FIM Synchronization Service. |
certifier-ou-not-configured |
An attempt is made to provision out a new user or container (o or ou) and the certifier name you have specified for the "_MMS_Certifier" attribute is not the name of a correctly configured certifier container. Each certifier container must be configured using the FIM Synchronization Service administrative UI before it can be used in provisioning. This error is returned by the management agent for Lotus Notes. |
code-page-conversion |
An attempt is made to export an attribute value, which is stored in Unicode in the FIM Synchronization Service, to the code page of the export file, but it fails because of conversion errors. This error is returned by file management agents. |
constraint-violation |
An attempt is made to export an add, modify, or delete request that violates the constraints of a connected data source. This error is returned by Lightweight Directory Access Protocol (LDAP) management agents and database management agents. Violations for LDAP management agents include setting multiple values for a single valued attribute, exceeding field width constraints on string and binary attributes, or exceeding range constraints on numeric attributes. Database management agents can impose a variety of constraints, including those for referential integrity, rules, and constraints that may be defined for their database. |
dn-attributes-failure |
An attempt is made to export an add or modify request that sets a reference value for which there is no corresponding connected data source object. This error is returned by the Active Directory management agent, Active Directory Lightweight Directory Services management agent, and global address list synchronization management agent. The other management agents do not generate an error in this situation—the set is accepted by the connected data source. To correct this error, use the connector space object viewer to determine which of the changes to the reference attributes were not successfully exported. |
duplicate-anchor |
The anchor on a newly provisioned object is not unique. This error is returned by file management agents, database management agents, or the iPlanet 4.0 management agent. If you encounter this error, check the anchor construction rules to ensure that each object has a unique anchor value. |
encryption-not-enabled |
An attempt is made to set or change the password attribute, and the connection that the management agent uses to communicate to the connected data source was not configured with an appropriate encryption mechanism, for example, 128-bit Secure Sockets Layer (SSL) or Transport Layer Security (TLS). This error is returned by the Active Directory Lightweight Directory Services management agent. 128-bit SSL or TLS configuration is a requirement imposed by Active Directory Lightweight Directory Services for setting passwords. |
insufficient-columns |
An attempt is made to export an add or modify request to an object, and the number of values for a multivalued attribute exceeds the number of columns that are configured for that attribute's multi-values. This error is returned by the Fixed Width management agent or Delimited management agent. |
insufficient-field-width |
An attempt is made to export an add or modify request to an object, and the value of an attribute exceeds the width of the column. This error is returned by the Fixed Width management agent. |
invalid-attribute-value |
An attempt is made to flow out an attribute value that contains characters that are not valid for the connected data source. For example, the attribute values that are exported to the fixed width, delimited, and AVP file management agents cannot contain carriage-return (CR), line-feed (LF), or end-of-file (EOF) characters. |
invalid-dn |
An attempt is made to export a newly provisioned object or rename an existing object, and the distinguished name is incompatible with the connected data source naming requirements. This error is returned by LDAP management agents and the Windows NT 4.0 management agent. |
invalid-provisioning-attribute-value |
An attempt is made to export a newly provisioned object, but certain attributes for provisioning that were set by the customer extension are not valid (such as not in a certain value range). |
kerberos-no-logon-server |
An attempt is made to set or change a password attribute, and the management agent cannot resolve a server for the domain part of the logon credentials. This generally means there is a NetBIOS or DNS misconfiguration. This error is returned by the Active Directory management agent or the global address list synchronization management agent. |
kerberos-time-skew |
The password attribute is being set or changed, and the time on the server that is running Identity Integration Services differs from the time on the Active Directory domain controller by more than five minutes. This error is returned by the management agent for Active Directory Domain Services (AD DS) or the management agent for the Active Directory global address list (GAL). |
locking-error-needs-retry |
Returned by a management agent when another management agent is trying to synchronize the same connector spaces object. To resolve this error, rerun the management agent a second time, and the error should not reoccur. |
missing-anchor-component |
An attempt is made to export a newly provisioned object, but an anchor cannot be generated because a value that is required for constructing the anchor is not available. Possible reasons for this error are that the attribute was not set at provisioning time (in the case of the iPlanet 4.0 management agent, database management agents, or file management agents), or it cannot be read from the connected data source (Active Directory management agents, the iPlanet 5.0 management agent, and database management agents when the anchor is constructed from an auto-increment column). |
missing-provisioning-attribute |
An attempt is made to export a newly provisioned object, but certain attributes that are required for provisioning a new object were not set by the customer extension. This error is returned by the Notes management agent. |
modify-naming-attribute |
An attempt is made to export a request where a naming attribute (such as the CN attribute for many object types) is set to a value that conflicts with the relative distinguished name (also known as RDN) value. This error is returned by LDAP management agents. It can occur because of a poorly defined export attribute flow rule or an error in the process code that sets initial values on a newly provisioned object. |
multi-valued-anchor-component |
An attempt is made to construct the anchor for a newly provisioned object, but one of the attributes that is used to construct the anchor has multiple values. This error is returned by the iPlanet 4.0 management agent. Attributes that are used in the anchor construction can be defined to be multi-valued in the connected data source schema, but they must only have a single value on the objects in FIM Synchronization Service. |
no-export-to-this-object-type |
The management agent only allows import of objects of this object type. No export operations are allowed on this type of object. This error is returned by the Windows NT 4.0 management agent if you try to perform provisioning operations or export attribute flow on computer objects. |
non-existent-parent |
An attempt is made to export an add or a rename request, but the parent object does not exist in the connected data source. This error is returned by LDAP management agents. |
password-policy-violation |
The password attribute is set or changed to a value that does not meet the administrator-defined password policy of the connected data source. This error is returned by the Active Directory management agent and global access list directory synchronization management agents. |
password-set-disallowed |
The password encryption is set to either no encryption or less than 128-bit SSL, and the administrator has not explicitly made an override to allow password sets. This error is returned by the Active Directory management agent. |
permission-issue |
An attempt is made to export an add, modify, or delete request, and the management agent has insufficient permissions to perform the operation against the connected data source. This error is returned by LDAP management agents and the Windows NT 4.0 management agent. |
provision-to-secondary-nab |
An attempt is made to provision a person or certifier object to a secondary Notes address book. This error is returned by the Notes management agent. Lotus Notes only allows provisioning contacts to secondary Notes address books. |
rename-to-existing-dn |
An attempt is made to change the distinguished name of the object at the time of export, but there is already an object in the connector space that has that distinguished name. The distinguished name of an object can be changed on export in two ways:
- Database management agents, where the distinguished name is calculated based on the values of the attributes that make up the anchor (these values may not be present until the object is exported).
- LDAP management agents, where the connected data source applies certain normalization rules that cause the distinguished name to change.
In either case, examine how the distinguished name property of the object is created in the provisioning extension. |
schema-violation |
An attempt is made to export an object modification that would add an attribute that is not in the connected data source schema, or remove an attribute from an object that is required by the schema. This error is returned by LDAP management agents. In most cases, FIM Synchronization Service does not allow this error to occur because its rules check the stored copy of the connected data source schema. However, this error can occur if the FIM Synchronization Service schema is out of date with the connected data source schema. If you encounter this error, use the Synchronization Service Manager to refresh the schema that is stored with the management agent. |
syntax-violation |
An attempt is made to export a request in which the value for an attribute violates certain value constraints. This error is returned by the management agent for LDAP Data Interchange Format (LDIF) files and the management agent for Windows NT 4.0. This error typically occurs when the value that is being exported contains a character that is not valid. |
temporary-certifier-file-creation-failure |
An attempt was made to fetch the certifier information for the certifier container that is specified by the "_MMS_Certifier" attribute and temporarily create a certifier file in the MAData directory of the Notes MA for use by the Notes API. This occurs when a new user or container (o or ou) is provisioned. If this process of creating the certifier file fails for any reason (for example, out of hard disk space, permissions, and so on), this export error is reported. This error is returned by the Lotus Notes management agent. |
unexpected-error |
An attempt is made to export a change, and an unexpected error is encountered. To help troubleshoot this error, examine the event log. You should not encounter this error as part of normal operation; it indicates a product malfunction. If you encounter this error, contact Microsoft Product Support. |
unexpected-provisioning-attribute |
This error is returned when you are exporting a newly provisioned object, and certain attributes for provisioning that were set by the customer extension should not be included because they are incompatible with the values of other provisioning attributes. This error is returned by the Notes management in the following cases:
- When you create a contact (_MMS_IDRegType=0) and supply any one of the following attributes:
- _MMS_Certifier
- _MMS_OU
- _MMS_Password
- _MMS_IDStoreType
- _MMS_IDPath
- MailFile
- When you create a U.S. user or International user, but you do not specify creating an ID file (_MMS_IDStoreType=0), but you supply the _MMS_IDPath or MailFile attributes.
- When you create an OU (certifier), and supply the _MMS_OU attribute.
- When you create an O (certifier), and supply the _MMS_Certifier attribute.
|