ITIM 5.1 and ADAgent: SetPassword Failed during ADD

2012-10-18T14:52:19Z

I kept getting a "SetPassword Failed during ADD" error from ADAgent when requesting an account from ITIM. See below for logs. I can manually add a new user to AD, and pulling from AD seemed to be working. Any ideas what's going on here?


Starting new DAML protocol server thread...
Starting message processing loop...
Reading HTTP header...
Read 130 bytes from HTTP header

HTTP Header record

001. POST HTTP/1.1
002. Content-type: text/xml; charset=utf-8
003. Content-length: 918
004. Host:
005. Cache-Control: no-store

Payload Size for request is 918 bytes
Read 918 of 918 bytes

Received PayLoad Message

001. <?xml version="1.0" encoding="UTF-8"?>
002. <LDAPMessage ID="8373068126385602736">
003. <BindRequest Name="*****" Version="2.0">
004. <SimpleAuthentication Password="*****">
005. </SimpleAuthentication>
006. </BindRequest>
007. <AddRequest>
008. <entry dn="eruid=john.smith, eradbasepoint=ou\=ITIM\,dc\=example\,dc\=net, eradgroupbasepoint=ou\=ITIMRoles\,dc\=example\,dc\=net">
009. <objectclass>
010. <oc-value>erADAccount</oc-value>
011. </objectclass>
012. <attr name="eraddialincallback">
013. <value>4</value>
014. </attr>
015. <attr name="eradupn">
016. <value>john.smith</value>
017. </attr>
018. <attr name="eradbasepoint">
019. <value>ou=ITIM,dc=example,dc=net</value>
020. </attr>
021. <attr name="eradexdialin">
022. <value>FALSE</value>
023. </attr>
024. <attr name="eradgroupbasepoint">
025. <value>ou=ITIMRoles,dc=example,dc=net</value>
026. </attr>
027. <attr name="erpassword">
028. <value>***************</value>
029. </attr>
030. </entry>
031. </AddRequest>
032. </LDAPMessage>

Changing entry name to 'john.smith'
Successfully parsed DAML request
Authenticating user 'agent....
Passing PDU to parent server...
Setting priority Level to 4
Added PDU condition string: Successful
Added ENTRY condition string: Successful
No event notification context matches this search request.
New callback thread. Operation is Add. Thread count: 1
Processing ADD request for john.smith
CWinADBasePoint(hEntry)->Initialize COM library When Thread Pool is not used
Agent Mailbox Permissions support Enabled for Reconciliation
Common Schema CN Attribute support is Enabled.Adapter will use ITIM common schema attribute 'cn'.
Using supplied base point: ou=itim,dc=example,dc=net
Base Point DN before calling EscapeAdsPath in Initialize : LDAP://ou=itim,dc=example,dc=net
Base Point DN after calling EscapeAdsPath in Initialize : LDAP://ou=itim,dc=example,dc=net
Bound to base point ou=itim,dc=example,dc=net
Binding to group base point: ou=itimroles,dc=example,dc=net
Bound to group base point.
Using Domain Flat Name: example
Default target for Terminal Server requests: \\exampleDC01B
RAS requests targeted to server: \\exampleDC01B
Generated RDN: CN=john.smith
Domain ADsPath before calling EscapeAdsPathin GetUserByUPN: LDAP://dc=example,dc=net
Domain ADsPath after calling EscapeAdsPathin GetUserByUPN: LDAP://dc=example,dc=net
Performing bind to Current Domain Controller.
ADsSearchFilter :(&(objectCategory=person)(objectClass=user)(userPrincipalName=john.smith))
The given UPN john.smith is not Duplicate.
Performing bind to Global Catalog.
The given UPN john.smith is not Duplicate.
SetPassword Failed during ADD for john.smith, so deleting new account. Error: 0x80072035 - The server is unwilling to process the request.
User Deletion succeded
PDU Condition code 5 (Create user failed. Failed while setting User Password)
Added PDU condition string: Create user failed. Failed while setting User Password
CWinADUser::~CWinADUser() : Entering ...
Released User object.
CWinADBasePoint::~CWinADBasePoint() : Entering ...
Domain object released.
Group Domain object released.
Memory released for all allocated strings.
Uninitializing COM library When Thread Pool is not used.
COM Uninitialized.
CWinADBasePoint::~CWinADBasePoint() : Exiting ...
CWinADUser::~CWinADUser() : Exiting ...
Returning from Processing ADD request for john.smith
Checking validity of condition codes...
Detected obsolete PDU condition code '5::ADK_CONDITION_FAILURE'
Returning PDU back to protocol module
Received PDU object from parent server
Converting PDU (1 entries) to XML...
Completed conversion of PDU to XML.
Sending response message( 573 bytes, payload = 452 ) to client...
Successfully sent response message
  • SystemAdmin
    Re: ITIM 5.1 and ADAgent: SetPassword Failed during ADD

    Moved to Security Management forum.

  • sasivenugopal
    Re: ITIM 5.1 and ADAgent: SetPassword Failed during ADD



    Were you able to get a resolution to this issue?

    I am having the same problem, and would appreciate it if you could share the resolution.


    Thank you,