IBM Support

IJ16980: MICROSOFT EXCHANGE SENSOR FAILING FOR EXCHANGE SERVER 2016 THE SUPPLIED CREDENTIAL FOR '<DOMAIN>\<USERNAME>' IS INVALID

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Problem Description -

When we were running Microsoft Exchange sensor for target with
Exchange Server 2016, then following error is received:



"CTJTD0818E Unable to execute all commands from the script on
the target server. Message from the target: Active Directory
operation failed on . The supplied credential for
'<DOMAIN>\<USERNAME>' is invalid."



The problem is because of the NETWORK mode of logon used by
TaddmTool deployed on gateway machine to communicate with the
target system.

The issue also comes when we try to run sensor using powershell.



The issue is resolved in the PowerShell based approach by using
another way to create session to target Windows by connecting to
Virtual Directory named PowerShell configured on target system
and using Kerberos based authentication. The approach to create
session is mentioned in Microsoft documentation :

"Connect to Exchange servers using remote PowerShell"

https://docs.microsoft.com/en-us/powershell/exchange/exchange-se
rver/connect-to-exchange-servers-using-remote-powershell?view=ex
change-ps



In the solution, a session using above approach is created and
then it is imported in the existing session used for running
sensor scripts in the PowerShell based approach.  This sensor,
in case of this error, can be run only through powershell , so
following properties need to set in collation.properties:



com.collation.PowerShellAccessEnabled=true

com.collation.PreferPowerShellOverWMI=true



 If we don't want all profiles to get impacted The first
property - com.collation.PowerShellAccessEnabled can also be
enabled and set to true in Profile specific Properties on
Discovery Console .

Local fix

  • n/a

Problem summary

  • While running Microsoft Exchange sensor for target with
Exchange Server 2016, the following error is received:
"CTJTD0818E Unable to execute all commands from the script on
the target server. Message from the target: Active Directory
operation failed. The supplied credential for
'<DOMAIN>\<USERNAME>' is invalid."
This problem occurs because of the NETWORK mode of logon used by
TaddmTool deployed on gateway machine to communicate with the
target system.
The issue also comes when we try to run sensor using powershell.
This APAR aims to resolve this issue in the PowerShell based
approach by using another way to create session to target
Windows by connecting to Virtual Directory named PowerShell
configured on target system and using Kerberos based
authentication. The approach to create
session is mentioned in Microsoft documentation :
"Connect to Exchange servers using remote PowerShell"
https://docs.microsoft.com/en-us/powershell/exchange/exchange-se
rver/connect-to-exchange-servers-using-remote-powershell?view=ex
change-ps
In the solution, a session using above approach is created and
then it is imported in the existing session used for running
sensor scripts in the PowerShell based approach.  This sensor,
in case of this error, can be run only through powershell, so
the following properties need to be set in collation.properties:
com.collation.PowerShellAccessEnabled=true
com.collation.PreferPowerShellOverWMI=true
If we do not want all profiles to get impacted, the first
property - com.collation.PowerShellAccessEnabled can also be
enabled and set to true in Profile specific Properties on
Discovery Console .

Problem conclusion

  • The fix for this APAR is contained in the following maintenance
packages:
| Fix Pack | 7.3.0-TIV-ITADDM-FP0007

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ16980
    • 

  • Reported component name
    APP DEPENDENCY
    • 

  • Reported component ID
    5724N5500
    • 

  • Reported release
    730
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-06-20
    • 

  • Closed date
    2019-08-07
    • 

  • Last modified date
    2019-08-07
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • 999

    



Fix information


    

  • Fixed component name
    APP DEPENDENCY
    • 

  • Fixed component ID
    5724N5500
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSPLFC","label":"Tivoli Application Dependency Discovery Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"730","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 August 2019
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback