|
Error | Cause
|
| ambiguous-update | The management agent cannot fulfill an update or delete request because the anchor is incorrectly configured or not unique. This error can be returned by SQL and Oracle management agents. If this error is encountered, check the anchor construction rules to ensure that each object has a unique anchor value.
|
| anchor-too-long | An attempt is made to construct an anchor that exceeded the maximum size limit for Microsoft Identity Integration Server 2003. This error can be returned by database management agents, file management agents, or the iPlanet 4.0 management agent.
|
| cd-error | An error is encountered while attempting to communicate with a connected data source, but there is no specialized error type for this error. This error is accompanied by a <cd-error> element, which contains information that should aid in troubleshooting the cause of the error.
|
| cd-existing-object | A request to add an object is exported to the connected data source, but the object is already present in the connected data source. This error can be returned by call-based management agents except for relational database management agents. It is never returned by file management agents.
|
| cd-missing-object | A request to modify an object is exported to the connected data source, but the object cannot be found in the connected data source. This error can be returned by call-based management agents, but never by a file management agents. The likely cause of this error is because some person or external process has deleted the object from the connected data source outside Identity Integration Server.
|
| certifier-ou-not-configured | An attempt is made to provision out a new user or container (o or ou) and the certifier name you have specified for the "_MMS_Certifier" attribute is not the name of a properly configured certifier container. Each certifier container must be configured using the Identity Integration Server administrative UI before it can be used in provisioning. This error can be returned by the management agent for Lotus Notes.
|
| code-page-conversion | An attempt is made to export an attribute value, which is stored in Unicode within the Identity Integration Server, to the code page of the export file, but fails because of conversion errors. This error can be returned by file management agents.
|
| constraint-violation | An attempt is made to export an add, modify, or delete request that violates the constraints of a connected data source. This error can be returned by LDAP management agents and database management agents. Violations for LDAP management agents include setting multiple values for a single valued attribute, exceeding field width constraints on string and binary attributes, or exceeding range constraints on numeric attributes. Database management agents can impose a variety of constraints, including those for referential integrity, rules, and constraints that may be defined for their database.
|
| dn-attributes-failure | An attempt is made to export an add or modify request that sets a reference value for which there is no corresponding connected data source object. This error can be returned by the Active Directory management agent, Active Directory Lightweight Directory Services management agent, and global address list synchronization management agent. The other management agents do not generate an error in this situation—the set is accepted by the connected data source. To correct this error, use the connector space object viewer to determine which of the changes to the reference attributes were not successfully exported.
|
| duplicate-anchor | The anchor on a newly provisioned object is not unique. This error can be returned by file management agents, database management agents, or the iPlanet 4.0 management agent. If this error is encountered, check the anchor construction rules to ensure that each object has a unique anchor value.
|
| encryption-not-enabled | An attempt is made to set or change the password attribute and the connection that the management agent uses to communicate to the connected data source has not been configured with an appropriate encryption mechanism (128 bit SSL or TLS). This error can be returned by the Active Directory Lightweight Directory Services management agent. 128-bit SSL or TLS configuration is a requirement imposed by Active Directory Lightweight Directory Services for setting passwords.
|
| insufficient-columns | An attempt is made to export an add or modify request to an object and the number of values for a multivalued attribute exceeds the number of columns configured for that attribute's multi-values. This error can be returned by the Fixed Width management agent or Delimited management agent.
|
| insufficient-field-width | An attempt is made to export an add or modify request to an object and the value of an attribute exceeds the width of the column. This error can be returned by the Fixed Width management agent.
|
| invalid-attribute-value | An attempt is made to flow out an attribute value that contains characters which are not valid for the connected data source. For example, the attribute values exported to the fixed width, delimited, and AVP file management agents cannot contain CR, LF, or EOF characters.
|
| invalid-dn | An attempt is made to export a newly provisioned object or rename an existing object, and the distinguished name is incompatible with the connected data source naming requirements. This error can be returned by LDAP management agents.
|
| invalid-provisioning-attribute-value | An attempt is made to export a newly provisioned object, but certain attributes for provisioning set by the customer extension are not valid (such as not in a certain value range).
|
| kerberos-no-logon-server | An attempt is made to set or change a password attribute, and the management agent cannot resolve a server for the domain part of the logon credentials. This generally means a NetBIOS or DNS misconfiguration. This error can be returned by the Active Directory management agent or the global address list synchronization management agent.
|
| kerberos-time-skew | The password attribute is being set or changed, and the time on the server running Identity Integration Services differs from the time on the Active Directory domain controller by more than five minutes. This error can be returned by the management agent for Active Directory or the management agent for Active Directory global address list (GAL).
|
| locking-error-needs-retry | Returned by a management agent when another management agent is trying to synchronize the same connector spaces object. To resolve this error, rerun the management agent a second time and error should not reoccur.
|
| missing-anchor-component | An attempt is made to export a newly provisioned object, but an anchor cannot be generated because a value required for constructing the anchor is not available. Possible for reasons for this error are that the attribute was not set at provisioning time (in the case of the iPlanet 4.0 management agent, database management agents, or file management agents) or it cannot be read from the connected data source (Active Directory management agents, the iPlanet 5.0 management agent, and database management agents when the anchor is constructed from an auto-increment column).
|
| missing-provisioning-attribute | An attempt is made to export a newly provisioned object, but certain attributes that are required for provisioning a new object have not been set by the customer extension. This error can be returned by the Notes management agent.
|
| modify-naming-attribute | An attempt is made to export a request where a naming attribute (such as CN for many object types) is set to a value that conflicts with the RDN value. This error can be returned by LDAP management agents. This error can occur because of a poorly defined export attribute flow rule or an error in the process code that sets initial values on a newly provisioned object.
|
| multi-valued-anchor-component | An attempt is made to construct the anchor for a newly provisioned object, but one of the attributes used in constructing the anchor has multiple values. This error can be returned by the iPlanet 4.0 management agent. Attributes used in the anchor construction can be defined to be multivalued in the connected data source schema, but they must only have a single value on the objects in Identity Integration Server.
|
| no-export-to-this-object-type | The management agent only allows import of objects of this object type. No export operations are allowed on this type of object. This error is returned by the NT 4.0 management agent if you try to perform provisioning operations or export attribute flow on computer objects.
|
| non-existent-parent | An attempt is made to export an add or a rename request but the parent object does not exist in the connected data source. This error can be returned by LDAP management agents.
|
| password-policy-violation | The password attribute is set or changed to a value which does not meet the administrator defined password policy of the connected data source. This error can be returned by the Active Directory management agent and global access list directory synchronization management agents.
|
| password-set-disallowed | The password encryption is set to either no encryption or less than 128-bit SSL and the administrator has not explicitly made an override to allow password sets. This error can be returned by the Active Directory management agent.
|
| permission-issue | An attempt is made to export an add, modify, or delete request and the management agent has insufficient permissions to perform the operation against the connected data source. This error can be returned by LDAP management agents and the NT4.0 management agent.
|
| provision-to-secondary-nab | An attempt is made to provision a person or certifier object to a secondary Notes address book. This error can be returned by the Notes management agent. Lotus Notes only allows provisioning contacts to secondary Notes address books.
|
| rename-to-existing-dn | An attempt is made to change the distinguished name of the object at the time of export but there is already an object in the connector space with that distinguished name. The distinguished name of an object can be changed on export in two ways:
- Database management agents, where the distinguished name is calculated based on the values of the attributes making up the anchor (these values may not be present until the object is exported)
- LDAP management agents where the connected data source applies certain normalization rules that cause the distinguished name to change.
In either case, examine how the distinguished name property of the object is created in the provisioning extension.
|
| schema-violation | An attempt is made to export an object modification that would add an attribute that is not in the connected data source schema or remove an attribute from an object which is required by the schema. This error can be returned by LDAP management agents. In most cases Identity Integration Server will not allow this error to occur since its rules check the stored copy of the connected data source schema. However, this error can occur if the Identity Integration Server schema is out of date with the connected data source schema. If this error is encountered, use the Identity Manager to refresh the schema stored with the management agent.
|
| syntax-violation | An attempt is made to export a request where the value for an attribute violates certain value constraints. This error can be returned by the management agent for LDAP Data Interchange Format (LDIF) files. A typical case of this error is when the value being exported contains a character that is not valid.
|
| temporary-certifier-file-creation-failure | An attempt was made to fetch the certifier information for the certifier container specified by the "_MMS_Certifier" attribute and temporarily create a certifier file in the MAData directory of the Notes MA for use by the Notes API. This occurs when a new user or container (o or ou) is provisioned. If this process of creating the certifier file fails for any reason (for example, out of disk space, permissions, etc) this export error is reported. This error can be returned by the Lotus Notes management agent.
|
| unexpected-error | An attempt is made to export a change and an unexpected error is encountered. To help troubleshoot this error, examine the event log. This error should not be encountered as part of normal operation and indicates a product malfunction. If you do encounter this error, contact Microsoft Product Support.
|
| unexpected-provisioning-attribute | This error is returned when you are exporting a newly provisioned object and certain attributes for provisioning set by the customer extension should not be included because they are incompatible with the values of other provisioning attributes. This error is returned by the Notes management in the following cases:
|