Error messages and problem solving

A warning or error message might be displayed in the user interface to provide information about the adapter or when an error occurs.

These errors might be displayed in the user interface when the adapter is installed on your system.

Table 1. Troubleshooting the Active Directory Adapter errors
Error message Corrective action
Unable to bind to base point Ensure that:
  • The Users Base Point is correctly specified on the adapter service form.
  • The target servers are up and reachable when they are specified in the base point.
  • The user ID is correctly specified on the adapter service form.
  • The password is correctly specified on the adapter service form.
  • The Active Directory Server is reachable from the workstation where the adapter is installed.
Unable to bind to group base point. Ensure that:
  • The Groups Base Point is correctly specified on the adapter service form.
  • The user ID is correctly specified on the adapter service form.
  • The password is correctly specified on the adapter service form.
  • The target servers are up and reachable when they are specified in the base point.
  • The Active Directory Server is reachable from the workstation where the adapter is installed.
Unable to determine default domain This error occurs when the Active Directory Adapter fails to:
  • Bind to root DSE
  • Get the default naming context
Ensure that:
  • The Users Base Point is correctly specified on the adapter service form.
  • The user ID is correctly specified on the adapter service form.
  • The password is correctly specified on the adapter service form.
  • The Active Directory Server is reachable from the workstation where the adapter is installed.
Error binding to DN: DN String This error occurs when the Active Directory Adapter fails to bind to a user object of the Active Directory Server for processing.

Ensure that the user processed in the Active Directory Server is not deleted by any other process simultaneously.
Extended attribute attribute name has unsupported syntax The Active Directory Adapter does not support the data type used for the extended attribute. Use one of the following data types:
  • Boolean
  • Integer
  • Case-sensitive string
  • Not case-sensitive string
  • Numerical string
  • Unicode string
  • Distinguished name
  • Coordinated Universal Time coded time
  • Octet string
.
Extended attribute attribute name not found in Active Directory schema The extended attribute specified in the exschema.txt file does not exist on the Active Directory Server.

Either remove the attribute name from the exschema.txt file or add the attribute to the Active Directory Server.
Error binding to schema container error code. Loading of extended schema attribute attribute name failed. These errors occur when the Active Directory Adapter fails to extract the schema of the extended attributes.
  • Ensure that the Active Directory Server is reachable from the workstation where the adapter is installed.
  • Verify that the extended attribute is correctly defined and added to the user class.

When the adapter service is started, the adapter reads exschema.txt file and binds to the default domain. The default domain is the domain in which adapter is running. The adapter checks the syntax of the specified attribute. Because checking the syntax of extended attribute is one time process, it is done at the startup. If adapter fails to bind to the default domain, it does not manage any of the extended attributes.

Ensure that:
  • At least 1 domain controller is accessible before starting Active Directory adapter service.
  • The user account under which the adapter service is running has permission to read the Active Directory schema.
Error getting parent of schema error code. Loading of extended schema attribute attribute name failed.
Error binding to DN of schema error code. Loading of extended schema attribute attribute name failed.
Unable to connect to default domain. Loading of extended schema attribute attribute name failed.
Extended schema file not found. No extensions loaded. This information message occurs when the Active Directory Adapter fails to find the extended schema file (exschema.txt) or fails to open the file.
Unable to bind to user user name This error occurs when the Active Directory Adapter fails to connect to a user object in the Active Directory Server for processing.

Ensure that the user user name exists on the Active Directory Server.
Error determining RAS server name Check the value of the registry key ForceRASServerLookup. If the value of the key is TRUE, the Active Directory Adapter determines the RAS server regardless of whether you specify the server name on the adapter service form.

This error might be because the domain does not exist or the domain controller is not available for the specified domain.

Ensure that the Active Directory Server is reachable from the workstation where the adapter is installed.
Unable to get domain name. Terminal and RAS servers cannot be determined. This error occurs when the Active Directory Adapter fails to get the domain name from the specified base point or from the default domain.

Ensure that a base point is specified with a correct domain name.
Invalid domain name syntax Use one of the following formats to specify the domain name:
  • Server name/ou=org1,dc=ibm,dc=com
  • ou=org1,dc=ibm,dc=com
User not found Ensure that the user exists on the Active Directory Server and is not directly deleted or modified on the Active Directory Server.
Group not found. Ensure that the group exists on the Active Directory Server and is not directly deleted or modified on the Active Directory Server.
Error setting attributes country. Unknown country code. The country code specified for the user is invalid.

Specify a valid country code and submit the request again. For information about valid country codes, see the country and region codes section in the Active Directory Adapter User Guide.
Could not modify the attribute–msExchUserAccountControl This warning occurs when the user mailbox is not disabled on suspending a user account.
Error removing membership from group group name The Active Directory Adapter failed to remove the membership of a user or group from the group group name.
Ensure that:
  • The user or group exists on the Active Directory Server.
  • The user or group is a member of the group group name.
  • The specified group exists on the Active Directory Server.
Error adding membership to group group name The Active Directory Adapter failed to add membership of the user or group to the group group name.
Ensure that:
  • The user or group exists on the Active Directory Server.
  • The user or group is not already a member of the group group name.
  • The specified group exists on the Active Directory Server.
Unable to get info on share share name This error occurs when the Active Directory Adapter fails to retrieve share information from the home directory of the user.
Ensure that:
  • The user account under which the adapter is running has access to the home directory.
  • The share name exists on the workstation where the home directory is created.
Invalid home directory path path name The Active Directory Adapter supports creation and deletion of only UNC home directories. Specify the UNC home directory path in the following format:

\\servername\sharename\foldername

Note:
  • NTFS security and Shares can be set only on the Home Directories that are a UNC path.
  • Share Access can be set only on the Home Directories that are a UNC path that have a share created.
Unable to delete home directory home directory name The Active Directory Adapter is not able to delete the specified home directory. If the adapter is unable to delete the UNC home directory, ensure that:
  • The value of the registry key DeleteUNCHomeDirectories is TRUE.
  • The user account under which the adapter is running has permissions to delete the directory.
Home directory deletion is not enabled. Home directory will not be deleted. To enable home directory deletion, set the values of DeleteUNCHomeDirectories and ManageHomeDirectories registry keys to TRUE. Resend the modify request from IBM® VerifyIBM Security Identity Governance and IntelligenceIBM Security Privileged Identity Manager.
Home directory creation not enabled. Directory will not be created. To enable home directory creation, set the values of CreateUNCHomeDirectories and ManageHomeDirectories registry keys to TRUE. Resend the modify request from IBM VerifyIBM Security Identity Governance and IntelligenceIBM Security Privileged Identity Manager.
Error creating home directory home directory name The Active Directory Adapter is not able to create home directory.
Ensure that:
  • A directory with the same name does not exist.
  • The user account under which the adapter is running has permissions to create home directory.
  • Intermediate directories exist. The adapter creates only the final directory in the specified path.
Unable to set Home Directory Drive. Failed to create Home Directory.
Unable to set Home Directory NTFS security. Failed to create Home Directory.
Unable to set Home Directory Share. Failed to create Home Directory.
Unable to set Home Directory Share Access. Failed to create Home Directory.
Error deleting share share name The Active Directory Adapter is not able to delete the share when you clear the value of the share-related attributes from the Active Directory Server account form.
Ensure that:
  • The user account has access to the specified share.
  • The specified share name exists.
  • The user account under which the adapter is running has permissions to create home directory.
Attribute eradeproxyaddresses Condition code 5 (Error setting attribute eradeproxyaddresses. ADSI Result code: 0x8000ffff - Catastrophic failure) This error occurs when the Active Directory Adapter fails to update the proxy address.
Ensure that:
  • Proxy addresses in the address list are in the correct format.
  • The SMTP primary proxy address is specified.
  • The primary proxy address is specified before specifying the secondary proxy address.
  • The extension for any specified proxy address is loaded on the Exchange server. For example, if you add X.500 proxy address with X.500 extension not loaded on the Exchange server, then the adapter does not update the new X.500 proxy address.
    To verify whether X.500 extension is loaded, follow these steps:
    1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
    2. Right-click a mailbox-enabled user account, and click Properties. The Properties window for the user account is displayed.
    3. Click the E-mail Addresses tab.
    4. On the E-mail Addresses page, click New. The New E-mail Address window is displayed. All of the supported address types are in the E-mail Address Type list. If X.500 address type is not available in the E-mail Address Type list, then the X.500 extension is not loaded on the Exchange server. Load the X.500 extension to support X.500 proxy addresses.
Unable to get 'IID_IMailRecipient' interface These errors are related to user account mailbox.
Ensure that:
  • The Microsoft Exchange Information Store service is running.
  • Service Pack 2 or Service Pack 1 is installed for Exchange Server 2003.
  • The Active Directory Adapter service is running under a domain administrator account.
  • Access to the Mailbox Rights window from the Active Directory Server is available. To access the Mailbox Rights window from the Active Directory Server, follow these steps:
    1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
    2. Right-click a mailbox-enabled user account, and click Properties. The Properties window for the user account is displayed.
    3. Click the Exchange Advanced tab.
    4. On the Exchange Advanced page, click Mailbox Rights. The Mailbox Rights window is displayed.
Failed to get interface 'IID_IExchangeMailbox'
Could not Reconcile Mailbox-Permissions
Search failed. Unable to retrieve additional data after 3 retries. The Active Directory Adapter retrieves data from the Active Directory Server in a paged manner. The adapter reconciles users, groups, and containers and attempts to retrieve data in a maximum of three attempts. If all three attempts fail, the adapter abandons the search.
The adapter cannot retrieve data because of one of the following reasons:
  • The network response is slow.
  • The Active Directory Server is busy.
  • The Active Directory Adapter installed on the Active Directory Server is overloading the server.
For information about configuring the Active Directory Server, see http://support.microsoft.com.
User search failed
Group search failed. Error code: error code - error description. Provider: provider name.
Container search failed. Error code: error code - error description. Provider: provider name.
Error performing User Lookup
Failed to get mailbox rights using 'get_MailboxRights'. Error code: 0x80070057 - The parameter is incorrect. The Exchange provider uses Collaboration Data Objects for Exchange Management (CDOEXM) to create a mailbox for a user object. Under certain conditions, CDOEXM is incorrectly marked as initialized, though CDOEXM is not fully initialized. Therefore, later attempts to use CDOEXM do not succeed. For more information about this error, see http://support.microsoft.com.
errorMessage="Unsupported filter" The adapter does not support the attribute specified in the filter. For the list of supported attributes, see supported attributes in the Active Directory Adapter User Guide.

Error setting attribute eradprimarygroup. ADSI Result code: 0x80072035 - The server is unwilling to process the request.

 Ensure that:
  • The user is a member of the specified group.
  • The specified group is either a universal security group or a global security group.

ADSI Result code: 0x80072014 - The requested operation did not satisfy one or more constraints associated with the class of the object.

 These errors occur when the specified value for the attribute violates any constraint associated with that attribute. For example, a constraint might be:
  • Minimum or maximum length of characters the attribute can store.
  • Minimum or maximum value the attribute can accept.
Ensure that the specified value for the attribute does not violate these constraints.
Note: If any one of the attribute specified in the request violates a constraint, the adapter gives the same error for all the subsequent attributes. The error is issued even though they do not violate any constraint. For example, the Title attribute on the Active Directory Server can store a description of maximum of 64 characters. If you specify description of more than 64 characters, the adapter gives these errors for the Title attribute and for all the other attributes specified in the request.

ADSI Result code: 0x8007202f - A constraint violation occurred.
Request for proxy email types should contain at least one primary SMTP address Verify that:
  • The request for proxy email types contains a primary SMTP address.
  • The SupportedProxyEmailTypes registry key contains a comma-separated list of proxy email types that are supported by the Microsoft API put_ProxyAddresses.
Unable to bind to group group name. This error occurs when the Active Directory Adapter fails to connect to a group object in the Active Directory Server for processing.

Ensure that the group group name exists on the Active Directory Server.
The specified User Principal Name (UPN) UPN values already exists in the enterprise. Specify a new one. This error occurs when an attempt is made to create the user request and the user account exists in the Active Directory Server with the same value for User Principal Name attribute.
Ensure that:
  • The value specified for the User Principal Name attribute when you create a user account is not already used by an existing user account on the Active Directory Server.
  • You set the registry key UPNSearchEnabled to FALSE when you do not want the adapter to check the uniqueness of the User Principal Name attribute. For more information about usage of the registry key UPNSearchEnabled, see "User Principal Name of a user account" in the Active Directory Adapter User Guide.
Error while fetching the group interface for group DN. This error occurs when the Active Directory Adapter fails to bind to a group object on the Active Directory Server for processing.

Ensure that the group processed in the Active Directory Server is not deleted by any other process simultaneously.
Unable to bind to the container object in move operation. This error occurs when the Active Directory Adapter binds to the requested container when a user or group object is moved in the Active Directory Server hierarchy.

Ensure that the container exists on the Active Directory Server.
Cannot set Fixed Callback without Callback number. Callback number not found in the request. When you select Callback Settings as Fixed Callback, you must specify the Callback Number.
Error setting the RAS attribute RAS attribute name. Error reading RAS info. Ensure that:
  • The user account under which the adapter is running has administrator rights to the Active Directory Server.
  • The RAS service is running on the Domain Controller.
Not a valid IPv4 address. The IP address specified for the Static IPv4 Address is in an incorrect format.

Specify the IP address in the IPv4 format.
Home Directory will not be created. Home directory management is disabled. Set the adapter registry keys CreateUNCHomeDirectories and ManageHomeDirectories to TRUE to:
  • Create a home directory
  • Create home directory share
  • Set share access
  • Set home directory NTFS access for a user account.
For more information about creating the home directory and modifying the home directory attribute, see Active Directory Adapter User Guide.
Cannot create share share name. Home directory management is disabled.
Cannot set share access. Home directory management is disabled.
Cannot set NTFS access. Home directory management is disabled.
Create mailbox failed. API error code: 0x80004005 The error code 0x80004005 occurs because of replication delays or an exception in the Exchange libraries that the adapter uses.
You can either
  • Submit the mailbox create request again after this failure
  • Let the adapter try to create mailbox by using the registry keys CreateMailboxRetryAttempts and CreateMailboxRetryDelay.
Table 2. Troubleshooting the Active Directory Adapter errors
Error message Corrective action
Unable to bind to base point Ensure that:
  • The Users Base Point is correctly specified on the adapter service form.
  • The target servers are up and reachable when they are specified in the base point.
  • The user ID is correctly specified on the adapter service form.
  • The password is correctly specified on the adapter service form.
  • The Active Directory Server is reachable from the workstation where the adapter is installed.
Unable to bind to group base point. Ensure that:
  • The Groups Base Point is correctly specified on the adapter service form.
  • The user ID is correctly specified on the adapter service form.
  • The password is correctly specified on the adapter service form.
  • The target servers are up and reachable when they are specified in the base point.
  • The Active Directory Server is reachable from the workstation where the adapter is installed.
Unable to determine default domain This error occurs when the Active Directory Adapter fails to:
  • Bind to root DSE
  • Get the default naming context
Ensure that:
  • The Users Base Point is correctly specified on the adapter service form.
  • The user ID is correctly specified on the adapter service form.
  • The password is correctly specified on the adapter service form.
  • The Active Directory Server is reachable from the workstation where the adapter is installed.
Error binding to DN: DN String This error occurs when the Active Directory Adapter fails to bind to a user object of the Active Directory Server for processing.

Ensure that the user processed in the Active Directory Server is not deleted by any other process simultaneously.
Extended attribute attribute name has unsupported syntax The Active Directory Adapter does not support the data type used for the extended attribute. Use one of the following data types:
  • Boolean
  • Integer
  • Case-sensitive string
  • Not case-sensitive string
  • Numerical string
  • Unicode string
  • Distinguished name
  • UTC coded time
  • OctetString
  • Integer8
Extended attribute attribute name not found in Active Directory schema The extended attribute specified in the exschema.txt file does not exist on the Active Directory Server.

Either remove the attribute name from the exschema.txt file or add the attribute to the Active Directory Server.
Error binding to schema container error code. Loading of extended schema attribute attribute name failed. These errors occur when the Active Directory Adapter fails to extract the schema of the extended attributes.
  • Ensure that the Active Directory Server is reachable from the workstation where the adapter is installed.
  • Verify that the extended attribute is correctly defined and added to the user class.
When the adapter service is started, the adapter reads the exschema.txt file and binds to the domain in which the adapter is running. The adapter checks the syntax of the specified. Because checking the syntax of an extended attribute is a one-time process, it is done at startup. If the adapter fails to bind to the domain, it does not manage any of the extended attributes.
Ensure that:
  • At least 1 domain controller is accessible before starting the Active Directory Adapter service.
  • The user account under which the adapter service is running has permission to read the Active Directory schema.
Error getting parent of schema error code. Loading of extended schema attribute attribute name failed.
Error binding to DN of schema error code. Loading of extended schema attribute attribute name failed.
Unable to connect to default domain. Loading of extended schema attribute attribute name failed.
Extended schema file not found. No extensions loaded. This information message occurs when the Active Directory Adapter fails to find the extended schema file (exschema.txt) or fails to open the file.
Unable to bind to user user name This error occurs when the Active Directory Adapter fails to connect to a user object in the Active Directory Server for processing.

Ensure that the user user name exists on the Active Directory Server.
Error determining RAS server name Check the value of the registry key ForceRASServerLookup. If the value of the key is TRUE, the Active Directory Adapter determines the RAS server regardless of whether you specify the server name on the adapter service form.

This error might be because the domain does not exist or the domain controller is not available for the specified domain.

Ensure that the Active Directory Server is reachable from the workstation where the adapter is installed.
Unable to get domain name. Terminal and RAS servers cannot be determined. This error occurs when the Active Directory Adapter fails to get the domain name from the specified base point or from the default domain.

Ensure that a base point is specified with a correct domain name.
Invalid domain name syntax Use one of the following formats to specify the domain name:
  • Server name/ou=org1,dc=ibm,dc=com
  • ou=org1,dc=ibm,dc=com
User not found Ensure that the user exists on the Active Directory Server and is not directly deleted or modified on the Active Directory Server.
Group not found. Ensure that the group exists on the Active Directory Server and is not directly deleted or modified on the Active Directory Server.
Error setting attributes country. Unknown country code. The country code specified for the user is not valid.

Specify a valid country code and submit the request again. For information about valid country codes, see the country and region codes section in the Active Directory Adapter User Guide.
Could not modify the attribute–msExchUserAccountControl This warning occurs when the user mailbox is not disabled on suspending a user account.
Error removing membership from group group name The Active Directory Adapter failed to remove the membership of a user or group from the group group name.
Ensure that:
  • The user or group exists on the Active Directory Server.
  • The user or group is a member of the group group name.
  • The group specified exists on the Active Directory Server.
Error adding membership to group group name The Active Directory Adapter failed to add membership of the user or group to the group group name.
Ensure that:
  • The user or group exists on the Active Directory Server.
  • The user or group is not already a member of the group group name.
  • The group specified exists on the Active Directory Server.
Unable to get info on share share name This error occurs when the Active Directory Adapter fails to retrieve share information from the home directory of the user.
Ensure that:
  • The user account under which the adapter is running has access to the home directory.
  • The share name exists on the workstation where the home directory is created.
Invalid home directory path path name The Active Directory Adapter supports creation and deletion of only UNC home directories. Specify the UNC home directory path in the following format:

\\servername\sharename\foldername

Note:
  • NTFS security and Shares can be set only on the Home Directories that are a UNC path.
  • Share Access can be set only on the Home Directories that are a UNC path that have a share created.
Unable to delete home directory home directory name The Active Directory Adapter is not able to delete the specified home directory. If the adapter is unable to delete the UNC home directory, ensure that:
  • The value of the registry key DeleteUNCHomeDirectories is TRUE.
  • The user account under which the adapter is running has permissions to delete the directory.
Home directory deletion is not enabled. Home directory will not be deleted. To enable home directory deletion, set the values of DeleteUNCHomeDirectories and ManageHomeDirectories registry keys to TRUE. Resend the modify request from IBM VerifyIBM Security Identity Governance and IntelligenceIBM Security Privileged Identity Manager.
Home directory creation not enabled. Directory will not be created. To enable home directory creation, set the values of CreateUNCHomeDirectories and ManageHomeDirectories registry keys to TRUE. Resend the modify request from IBM VerifyIBM Security Identity Governance and IntelligenceIBM Security Privileged Identity Manager.
Error creating home directory home directory name The Active Directory Adapter is not able to create home directory.
Ensure that:
  • A directory with the same name does not exist.
  • The user account has permissions to create home directory.
  • Intermediate directories exist. The adapter creates only the final directory in the specified path.
Unable to set Home Directory Drive. Failed to create Home Directory.
Unable to set Home Directory NTFS security. Failed to create Home Directory.
Unable to set Home Directory Share. Failed to create Home Directory.
Unable to set Home Directory Share Access. Failed to create Home Directory.
Error deleting share share name The Active Directory Adapter is not able to delete the share when you clear the value of the share-related attributes from the Active Directory Server account form.
Ensure that:
  • The user account has access to the specified share.
  • The specified share name exists.
  • The user account under which the adapter is running has permissions to create home directory.
Search failed. Unable to retrieve additional data after 3 retries. The Active Directory Adapter retrieves data from the Active Directory Server in a paged manner. The adapter reconciles users, groups, and containers and attempts to retrieve data in a maximum of three attempts. If all three attempts fail, the adapter abandons the search.
The adapter cannot retrieve data because of one of the following reasons:
  • The network response is slow.
  • The Active Directory Server is busy.
  • The Active Directory Adapter installed on the Active Directory Server server is overloading the server.
For information about configuring the Active Directory Server, see http://support.microsoft.com.
User search failed
Group search failed. Error code: error code - error description. Provider: provider name.
Container search failed. Error code: error code - error description. Provider: provider name.
Error performing User Lookup
errorMessage="Unsupported filter" The adapter does not support the attribute specified in the filter. For the list of supported attributes, see supported attributes in the Active Directory Adapter User Guide.

Error setting attribute eradprimarygroup. ADSI Result code: 0x80072035 - The server is unwilling to process the request.

 Ensure that:
  • The user is a member of the specified group.
  • The specified group is either a universal security group or a global security group.

ADSI Result code: 0x80072014 - The requested operation did not satisfy one or more constraints associated with the class of the object.

 These errors occur when the specified value for the attribute violates any constraint associated with that attribute. For example, a constraint might be:
  • Minimum or maximum length of characters the attribute can store.
  • Minimum or maximum value the attribute can accept.
Ensure that the specified value for the attribute does not violate these constraints.
Note: If any one of the attribute specified in the request violates a constraint, the adapter gives the same error for all the subsequent attributes. This error is issued even though they do not violate any constraint. For example, the Title attribute on the Active Directory Server can store a description of maximum of 64 characters. If you specify a description of more than 64 characters, the adapter gives these errors for the Title attribute and for all the other attributes specified in the request.

ADSI Result code: 0x8007202f - A constraint violation occurred.
Request for proxy email types should contain at least one primary SMTP address

Verify that the request for proxy email types contains a primary SMTP address.

Unable to load XML transformation buffer from 'adapter installation directory\data\xforms.xml'

 The Active Directory Adapter does not use the xforms.xml file. Therefore, you can safely ignore the xforms-related errors that are recorded in the WinADAgent.log file.
Unable to bind to group group name. This error occurs when the Active Directory Adapter fails to connect to a group object in the Active Directory Server for processing.

Ensure that the group group name exists on the Active Directory Server.
The specified User Principal Name (UPN) UPN values already exists in the enterprise. Specify a new one. This error occurs when an attempt is made to create user request and the user account exists in the Active Directory Server with the same value for User Principal Name attribute.
Ensure that:
  • The value specified for the User Principal Name attribute when you create a user account is not already used by an existing user account on the Active Directory Server.
  • You set the registry key UPNSearchEnabled to FALSE when you do not want the adapter to check the uniqueness of the User Principal Name attribute. For more information about usage of the registry key UPNSearchEnabled, see "User Principal Name of a user account" in the Active Directory Adapter User Guide.
Error while fetching the group interface for group DN. This error occurs when the Active Directory Adapter fails to bind to a group object on the Active Directory Server for processing.

Ensure that the group processed in the Active Directory Server is not deleted by any other process simultaneously.
Unable to bind to the container object in move operation. This error occurs when the Active Directory Adapter binds to the requested container when a user or group object is moved in the Active Directory Server hierarchy.

Ensure that the container exists on the Active Directory Server.
Cannot set Fixed Callback without Callback number. Callback number not found in the request. When you select Callback Settings as Fixed Callback, you must specify the Callback Number.
Error setting the RAS attribute RAS attribute name. Error reading RAS info. Ensure that:
  • The user account under which the adapter is running has administrator rights to the Active Directory Server.
  • The RAS service is running on the Domain Controller.
Not a valid IPv4 address. The IP address specified for the Static IPv4 Address is in an incorrect format.

Specify the IP address in the IPv4 format.
Agent ADAgent is not installed. This error occurs when an attempt is made to run the certTool utility by running the following command: 
CertTool -agent ADAgent
Ensure that:
  • The user who runs the certTool utility has administrator permissions.
  • You disabled the User Account Control (UAC) security feature before you run the certTool utility on the workstation where the adapter is installed.
Home Directory will not be created. Home directory management is disabled. Set the adapter registry keys CreateUNCHomeDirectories and ManageHomeDirectories to TRUE to:
  • Create a home directory
  • Create home directory share
  • Set share access
  • Set home directory NTFS access for a user account.
For more information about creating the home directory and modifying the home directory attribute, see Active Directory Adapter User Guide.
Cannot create share share name. Home directory management is disabled.
Cannot set share access. Home directory management is disabled.
Cannot set NTFS access. Home directory management is disabled.

Value specified is not in the proper format.
Ensure that the value format of extended attribute of type DNWithBinary is 
B:char count:binary value:object DN

Value specified for the attribute does not start with character 'B'.

Ensure that value specified for extended attribute of type DNWithBinary is start with the character ‘B’ only.

Value given after 'B:' is not correct. Expected value is the total number of Hexadecimal Digit count

For extended attribute of type DNWithBinary, verify that value given for the char count is the total number of Hexadecimal Digit count. Ensure that it does not contain any alphabetical characters or any special characters.

Hexadecimal value does not contain the number of characters specified in the character count.

For extended attribute of type DNWithBinary, verify that total hexadecimal digit count specified in the char count is equal to number of hexadecimal characters.

Wrong Digit in Hex String.

For extended attribute of type DNWithBinary, verify that value given in the binary value contains only hexadecimal character. Valid characters are numerals 0 through 9 and letters A through F. The value can be a combination of valid numerals and letters.

Value is not set on resource due to invalid constraint.
This error occurs when the specified value for the extended attribute of type DNWithBinary violates any constraint associated with that attribute. For example, some constraints might be:
  • The object DN in the value must be a distinguished name of existing user object.
  • The maximum or minimum number of bits in the hexadecimal value.
Ensure that the specified value for the attribute does not violate any constraints.

Hexadecimal value should always contain even number of characters.

For extended attribute of type DNWithBinary, verify that value given in the binary value contains an even number of hexadecimal characters.

Attribute can be set only if Mailbox is enabled for Unified Messaging. To enable Unified Messaging both values UMMailbox Policy and UM Addresses(Extensions) are required.

Ensure that valid values of both UMMailbox Policy and UM Addresses(Extensions) are specified in the request to enable the user for Unified Messaging.

Attribute Operation Type is not supported.

Ensure that the value specified for UM Addresses (Extensions) is not of operation type, MODIFY.

Attribute cannot be set. Mailbox is Disabled for Unified Messaging.

Ensure that the request does not contain Unified Messaging attributes with operation ADD or MODIFY when the MailBox of the user is disabled for Unified Messaging.

Attribute cannot be set. Error occurred while trying to Disable MailBox for Unified Messaging.

This error occurs if disable Unified Messaging is failed and if request contains UM Addresses (Extensions) attribute with operation types ADD or MODIFY.

Attribute cannot be delete. Error occurred while trying to Disable MailBox for Unified Messaging.

This error occurs if disable Unified Messaging is failed and if the request contains UM Addresses (Extensions) attribute with operation type DELETE.