On 7/2/2012 6:26 AM, sunway2 wrote:
>
> Users are not synchronised/created in Active Directory using Remote
> Loader/AD Driver
>
> Please find below the AD trace log (bold error output) when we start the
> AD Driver from iManager.


There are two sides to every story.

The remote loader side starts, and is waiting for someone to buy it dinner.

The engine side is being cheap and won't do it. Why? Firewall?

The engine reaches out to the Remote Loader. That is what you are not
showing happening. So why not?

Does the engine have the right IP/Port configured? Is there a firewall
blocking the connection? Usual troubleshooting from there.




> DirXML: [07/02/12 02:32:16.02]: Loader: Connected.
> DirXML: [07/02/12 02:32:16.02]: Loader: Reading driver state from file
> DirXML: [07/02/12 02:32:16.03]: Loader: Starting driver...
> DirXML: [07/02/12 02:32:16.03]: Loader: Calling driverShim->init()
> DirXML: [07/02/12 02:32:16.03]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.03]: <nds dtdversion="4.0"
> ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <init-params src-dn="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active
> Directory Driver">
> <authentication-info>
> <server>192.168.100.1</server>
> <user>CN=ADDriver_idm,CN=Users,DC=idm,DC=com</user>
> <password><!-- content suppressed --></password>
> </authentication-info>
> <driver-options>
> <auth-options display-name="Show authentication
> options">hide</auth-options>
> <auth-method display-name="Authentication
> Method">Negotiate</auth-method>
> <signing display-name="Digitally sign communications">no</signing>
> <sealing display-name="Digitally sign and seal
> communications">no</sealing>
> <use-ssl display-name="Use SSL for LDAP connection between Driver
> Shim and AD">no</use-ssl>
> <impersonation display-name="Logon and
> impersonate">yes</impersonation>
> <xchg-options display-name="Show Exchange Management
> Options">hide</xchg-options>
> <xchg-prov display-name="Enable Exchange mailbox
> provisioning">disabled</xchg-prov>
> <exch-api-type display-name="Exchange Management interface
> type">use-exch-2010</exch-api-type>
> <exch-move display-name="Allow Exchange mailbox
> move">yes</exch-move>
> <exch-delete display-name="Allow Exchange mailbox
> delete">yes</exch-delete>
> <access-options display-name="Show access
> options">hide</access-options>
> <pollingInterval display-name="Driver Polling
> Interval">1</pollingInterval>
> <pub-heartbeat-interval display-name="Publisher heartbeat
> interval">1</pub-heartbeat-interval>
> <pub-password-expire-time display-name="Password Sync Timeout
> (minutes)">5</pub-password-expire-time>
> <search-domain-scope display-name="Search domain s
> DirXML: [07/02/12 02:32:16.05]: cope">yes</search-domain-scope>
> <retry-ldap-auth-unknown display-name="Retry LDAP Auth unknown
> error">no</retry-ldap-auth-unknown>
> <enable-incremental-values display-name="Enable DirSync Incremental
> Values">no</enable-incremental-values>
> <advanced-options display-name="Show advanced
> options">hide</advanced-options>
> <enable-delete-protected-2008 display-name="Enable Deletion of
> protected objects in Windows server
> 2008">no</enable-delete-protected-2008>
> </driver-options>
> </init-params>
> </input>
> </nds>
> DirXML: [07/02/12 02:32:16.06]: ADDriver: Driver::init
> DirXML: [07/02/12 02:32:16.06]: ADDriver: MadDriver:nInit()
> DirXML: [07/02/12 02:32:16.06]: ADDriver: MadConnMgr::initialize
> DirXML: [07/02/12 02:32:16.06]: Loader: driverShim->init() returned:
> DirXML: [07/02/12 02:32:16.06]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.08]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="success"/>
> </output>
> </nds>
> DirXML: [07/02/12 02:32:16.08]: Loader: Calling
> subscriptionShim->init()
> DirXML: [07/02/12 02:32:16.08]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.08]: <nds dtdversion="4.0"
> ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <init-params src-dn="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active
> Directory Driver">
> <authentication-info>
> <server>192.168.100.1</server>
> <user>CN=ADDriver_idm,CN=Users,DC=idm,DC=com</user>
> <password><!-- content suppressed --></password>
> </authentication-info>
> <driver-filter>
> <allow-class class-name="Country"/>
> <allow-class class-name="domain">
> <allow-attr attr-name="dc"/>
> <allow-attr attr-name="description"/>
> <allow-attr attr-name="GUID"/>
> </allow-class>
> <allow-class class-name="group">
> <allow-attr attr-name="description"/>
> <allow-attr attr-name="displayName"/>
> <allow-attr attr-name="L"/>
> <allow-attr attr-name="member"/>
> <allow-attr attr-name="managedBy"/>
> </allow-class>
> <allow-class class-name="locality"/>
> <allow-class class-name="nrfRequest"/>
> <allow-class class-name="nrfResourceAssociation"/>
> <allow-class class-name="nrfResourceRequest"/>
> <allow-class class-name="nrfRole"/>
> <allow-class class-name="organization"/>
> <allow-class class-name="organizationalUnit">
> <allow-attr attr-name="description"/>
> </allow-class>
> <allow-class class-name="srvprvDirectoryModel"/>
> <allow-class class-name="user">
> <allow-attr attr-name="city"/>
> <allow-attr attr-name="sAMAccountName"/>
> <allow-attr attr-name="userPrincipalName"/>
> <allow-attr attr-name="DirXML-EntitlementRef"/>
> <allow-attr attr-name="DirXML-EntitlementResult"/>
> <allow-attr attr-name="DirXML-PasswordSyncStatus"/>
> <allow-attr attr-name="facsimileTelephoneNumber"/>
> <allow-attr attr-name="displ
> DirXML: [07/02/12 02:32:16.10]: ayName"/>
> <allow-attr attr-name="givenName"/>
> <allow-attr attr-name="initials"/>
> <allow-attr attr-name="mail"/>
> <allow-attr attr-name="physicalDeliveryOfficeName"/>
> <allow-attr attr-name="logonHours"/>
> <allow-attr attr-name="dirxml-uACAccountDisable"/>
> <allow-attr attr-name="accountExpires"/>
> <allow-attr attr-name="l"/>
> <allow-attr attr-name="postalCode"/>
> <allow-attr attr-name="postOfficeBox"/>
> <allow-attr attr-name="st"/>
> <allow-attr attr-name="streetAddress"/>
> <allow-attr attr-name="sn"/>
> <allow-attr attr-name="telephoneNumber"/>
> <allow-attr attr-name="title"/>
> </allow-class>
> </driver-filter>
> </init-params>
> </input>
> </nds>
> DirXML: [07/02/12 02:32:16.10]: ADDriver: Subscriber::init
> DirXML: [07/02/12 02:32:16.11]: Loader: subscriptionShim->init()
> returned:
> DirXML: [07/02/12 02:32:16.11]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.11]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="success"/>
> </output>
> </nds>
> DirXML: [07/02/12 02:32:16.17]: Loader: Calling
> publicationShim->init()
> DirXML: [07/02/12 02:32:16.17]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.17]: <nds dtdversion="4.0"
> ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <init-params src-dn="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active
> Directory Driver">
> <authentication-info>
> <server>192.168.100.1</server>
> <user>CN=ADDriver_idm,CN=Users,DC=idm,DC=com</user>
> <password><!-- content suppressed --></password>
> </authentication-info>
> <driver-filter>
> <allow-class class-name="Country"/>
> <allow-class class-name="domain">
> <allow-attr attr-name="dc"/>
> <allow-attr attr-name="description"/>
> <allow-attr attr-name="GUID"/>
> </allow-class>
> <allow-class class-name="group">
> <allow-attr attr-name="description"/>
> <allow-attr attr-name="displayName"/>
> <allow-attr attr-name="L"/>
> <allow-attr attr-name="member"/>
> <allow-attr attr-name="managedBy"/>
> </allow-class>
> <allow-class class-name="locality"/>
> <allow-class class-name="nrfRequest"/>
> <allow-class class-name="nrfResourceAssociation"/>
> <allow-class class-name="nrfResourceRequest"/>
> <allow-class class-name="nrfRole"/>
> <allow-class class-name="organization"/>
> <allow-class class-name="organizationalUnit">
> <allow-attr attr-name="description"/>
> </allow-class>
> <allow-class class-name="srvprvDirectoryModel"/>
> <allow-class class-name="user">
> <allow-attr attr-name="city"/>
> <allow-attr attr-name="sAMAccountName"/>
> <allow-attr attr-name="userPrincipalName"/>
> <allow-attr attr-name="DirXML-EntitlementRef"/>
> <allow-attr attr-name="DirXML-EntitlementResult"/>
> <allow-attr attr-name="DirXML-PasswordSyncStatus"/>
> <allow-attr attr-name="displayName"/>
> <allow-attr attr-name="givenName"/>
>
> DirXML: [07/02/12 02:32:16.19]: <allow-attr attr-name="initials"/>
> <allow-attr attr-name="mail"/>
> <allow-attr attr-name="physicalDeliveryOfficeName"/>
> <allow-attr attr-name="logonHours"/>
> <allow-attr attr-name="dirxml-uACAccountDisable"/>
> <allow-attr attr-name="accountExpires"/>
> <allow-attr attr-name="l"/>
> <allow-attr attr-name="postalCode"/>
> <allow-attr attr-name="postOfficeBox"/>
> <allow-attr attr-name="st"/>
> <allow-attr attr-name="streetAddress"/>
> <allow-attr attr-name="sn"/>
> <allow-attr attr-name="telephoneNumber"/>
> <allow-attr attr-name="title"/>
> </allow-class>
> </driver-filter>
> <publisher-state>
> <cookie>INITIALIZE_COOKIE</cookie>
> </publisher-state>
> </init-params>
> </input>
> </nds>
> DirXML: [07/02/12 02:32:16.19]: ADDriver: Publisher::init
> DirXML: [07/02/12 02:32:16.19]: Loader: publicationShim->init()
> returned:
> DirXML: [07/02/12 02:32:16.21]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.21]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="success">Configured publisher polling interval to
> 1</status>
> <status level="success">Configured heartbeat interval to 1</status>
> <status level="success">Configured Password Expiration Time to
> 5</status>
> </output>
> </nds>
> DirXML: [07/02/12 02:32:16.21]:
> DirXML Log Event -------------------
> Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver
> Thread = Subscriber Channel
> Level = success
> Message = Remote driver successfully started.
> DirXML: [07/02/12 02:32:16.39]: Loader: Calling
> publicationShim->start()
> DirXML: [07/02/12 02:32:16.39]: Loader: Received document from
> publicationShim
> DirXML: [07/02/12 02:32:16.39]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.41]: <nds dtdversion="2.2">
> <source>
> <product version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <init-params>
> <publisher-state>
> <cookie>INITIALIZE_COOKIE</cookie>
> </publisher-state>
> </init-params>
> </input>
> </nds>
> DirXML: [07/02/12 02:32:16.41]: Loader: Writing driver state to file
> DirXML: [07/02/12 02:32:16.41]: Loader: Document consists only of
> state; not sending to remote side
> DirXML: [07/02/12 02:32:16.41]: Loader: Returning to publisher:
> DirXML: [07/02/12 02:32:16.42]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.42]: <nds ndsversion="8.6"
> dtdversion="1.0">
> <output>
> <status level="success"/>
> </output>
> </nds>
> DirXML: [07/02/12 02:32:16.42]: ADDriver: rootDSE information needed.
> DirXML: [07/02/12 02:32:16.42]: ADDriver: Make unauthenticated
> connection to rootDSE
> DirXML: [07/02/12 02:32:16.44]: Loader: Received 'subscriber execute'
> document
> DirXML: [07/02/12 02:32:16.46]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.46]: <nds dtdversion="4.0"
> ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <query event-id="query-driver-ident" scope="entry">
> <search-class class-name="__driver_identification_class__"/>
> <read-attr/>
> </query>
> </input>
> </nds>
> DirXML: [07/02/12 02:32:16.47]: Loader: Calling
> subscriptionShim->execute()
> DirXML: [07/02/12 02:32:16.47]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.47]: <nds dtdversion="4.0"
> ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.0.1.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <query event-id="query-driver-ident" scope="entry">
> <search-class class-name="__driver_identification_class__"/>
> <read-attr/>
> </query>
> </input>
> </nds>
> DirXML: [07/02/12 02:32:16.47]: ADDriver: parse command
>
> className
> destDN
> eventId query-driver-ident
> association
> DirXML: [07/02/12 02:32:16.49]: Loader: subscriptionShim->execute()
> returned:
> DirXML: [07/02/12 02:32:16.49]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.49]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <instance class-name="__driver_identification_class__"
> event-id="query-driver-ident">
> <attr attr-name="driver-id">
> <value type="string">AD</value>
> </attr>
> <attr attr-name="driver-version">
> <value type="string">3.5.14</value>
> </attr>
> <attr attr-name="min-activation-version">
> <value type="string">5</value>
> </attr>
> <attr attr-name="query-ex-supported">
> <value type="state">true</value>
> </attr>
> </instance>
> <status level="success" event-id="query-driver-ident"/>
> </output>
> </nds>
> DirXML: [07/02/12 02:32:16.50]:
> DirXML Log Event -------------------
> Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver
> Thread = Subscriber Channel
> Level = success
> DirXML: [07/02/12 02:32:16.55]: ADDriver: unauthenticated connection to
> rootDSE succeeded
> DirXML: [07/02/12 02:32:16.55]: ADDriver: read rootDSE information
> DirXML: [07/02/12 02:32:16.60]: ADDriver:
> LDAP Session Information
>
> LDAP version: 3
> Domain DNS name:
> Server DNS name: 192.168.100.1
> Host reachable: 1
> Using SSL: 0
> Client error: (0) - Success
> Server error: -
> Dereference aliases: 0 - never
> Referals: 1 - on
> Auto-reconnect: 1
> Getdsname flags: 0
> Sspi flags: 4002
> Keep alive: 120
> Ping limit: 4
> Ping wait time: 2000
> DirXML: [07/02/12 02:32:16.60]: ADDriver: Supported server side LDAP
> controls:
> 1.2.840.113556.1.4.319 - LDAP_PAGED_RESULT_OID_STRING
> 1.2.840.113556.1.4.801 - LDAP_SERVER_SD_FLAGS_OID
> 1.2.840.113556.1.4.473 - LDAP_SERVER_SORT_OID
> 1.2.840.113556.1.4.528 - LDAP_SERVER_NOTIFICATION_OID
> 1.2.840.113556.1.4.417 - LDAP_SERVER_SHOW_DELETED_OID
> 1.2.840.113556.1.4.619 - LDAP_SERVER_LAZY_COMMIT_OID
> 1.2.840.113556.1.4.841 - LDAP_SERVER_DIRSYNC_OID
> 1.2.840.113556.1.4.529 - LDAP_SERVER_EXTENDED_DN_OID
> 1.2.840.113556.1.4.805 - LDAP_SERVER_TREE_DELETE_OID
> 1.2.840.113556.1.4.521 - LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID
> 1.2.840.113556.1.4.970 -
> 1.2.840.113556.1.4.1338 - LDAP_SERVER_VERIFY_NAME_OID
> 1.2.840.113556.1.4.474 - LDAP_SERVER_RESP_SORT_OID
> 1.2.840.113556.1.4.1339 - LDAP_SERVER_DOMAIN_SCOPE_OID
> 1.2.840.113556.1.4.1340 - LDAP_SERVER_SEARCH_OPTIONS_OID
> 1.2.840.113556.1.4.1413 - LDAP_SERVER_PERMISSIVE_MODIFY_OID
> 2.16.840.1.113730.3.4.9 -
> 2.16.840.1.113730.3.4.10 -
> 1.2.840.113556.1.4.1504 -
> 1.2.840.113556.1.4.1852 -
> 1.2.840.113556.1.4.802 -
> 1.2.840.113556.1.4.1907 -
> 1.2.840.113556.1.4.1948 -
> 1.2.840.113556.1.4.1974 -
> 1.2.840.113556.1.4.1341 -
> 1.2.840.113556.1.4.2026 -
> 1.2.840.113556.1.4.2064 -
> 1.2.840.113556.1.4.2065 -
> 1.2.840.113556.1.4.2066 -
> Naming contexts & RootDSE Properties:
> DC=idm,DC=com
> CN=Configuration,DC=idm,DC=com
> CN=Schema,CN=Configuration,DC=idm,DC=com
> DC=DomainDnsZones,DC=idm,DC=com
> DC=ForestDnsZones,DC=idm,DC=com
> default naming context: DC=idm,DC=com
> schema naming context: CN=Schema,CN=Configuration,DC=idm,DC=com
> configuration naming context: CN=Configuration,DC=idm,DC=com
> root domain naming context: DC=idm,DC=com
> forest functional level: Windows Server 2008 R2 Forest Mode
> DirXML: [07/02/12 02:32:16.61]: ADDriver: Connect using ldap_bind:
> user=CN=ADDriver_idm,CN=Users,DC=idm,DC=com, domain=, password=***,
> method=negotiate, server=192.168.100.1, sign=no, seal=no ssl=no
> DirXML: [07/02/12 02:32:16.74]: ADDriver: publisher shutdown complete
> DirXML: [07/02/12 02:32:16.75]: Loader: publicationShim->start()
> returned:
> DirXML: [07/02/12 02:32:16.75]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.75]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> *<output>
> <status level="error" type="driver-general">
> <message>unable to authenticate to Active Directory</message>
> <ldap-err ldap-rc="82" ldap-rc-name="LDAP_LOCAL_ERROR">
> <client-err ldap-rc="-2146893052"/>
> </ldap-err>
> </status>
> </output>*</nds>
> DirXML: [07/02/12 02:32:16.77]:
> DirXML Log Event -------------------
> Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver
> Thread = Publisher Channel
> Level = error
> Message = <message>unable to authenticate to Active
> Directory</message>
> <ldap-err ldap-rc="82" ldap-rc-name="LDAP_LOCAL_ERROR">
> <client-err ldap-rc="-2146893052"/>
> </ldap-err>
> DirXML: [07/02/12 02:32:16.78]:
> DirXML Log Event -------------------
> Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver
> Thread = Publisher Channel
> Level = fatal
> Message = Premature return from PublicationShim->start()
> DirXML: [07/02/12 02:32:16.78]: Loader: Calling driverShim->shutdown()
> DirXML: [07/02/12 02:32:16.78]: Loader: null document
> DirXML: [07/02/12 02:32:16.78]: ADDriver: Driver::shutdown
> DirXML: [07/02/12 02:32:16.80]: ADDriver: shutdown subscriber
> DirXML: [07/02/12 02:32:16.80]: ADDriver: shutdown publisher
> DirXML: [07/02/12 02:32:16.80]: ADDriver: Shutdown 1
> DirXML: [07/02/12 02:32:16.80]: ADDriver: shutdown notification
> complete
> DirXML: [07/02/12 02:32:16.81]: Loader: driverShim->shutdown()
> returned:
> DirXML: [07/02/12 02:32:16.81]: Loader: XML Document:
> DirXML: [07/02/12 02:32:16.81]: <nds ndsversion="8.7"
> dtdversion="1.1">
> <source>
> <product version="3.5.14" asn1id="" build="20110211_120000"
> instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver">AD</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="success"/>
> </output>
> </nds>
> DirXML: [07/02/12 02:32:16.81]:
> DirXML Log Event -------------------
> Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
> Driver
> Thread = Subscriber Channel
> Level = warning
> Message = Remote driver stopped
> DirXML: [07/02/12 02:32:16.92]: Loader: Stopping driver
> DirXML: [07/02/12 02:32:16.92]: ADDriver: Driver::destroy
> DirXML: [07/02/12 02:32:16.94]: ADDriver: driver destroy delayed for
> publisher exit
> DirXML: [07/02/12 02:32:16.94]: Loader: Waiting for DirXML to connect
> on 'TCP server socket, port 8090, address 192.168.100.81'...
>
>
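
A way to triage a Remote Loader trace like the one quoted above, as an added example that is not part of the original thread or of any Novell tooling: it reports whether the engine side connected, where the loader listens, which LDAP bind options were used, and which errors the shim returned. The function name `triage`, the report keys and the use of `Loader: Connected.` as the connection marker are assumptions of this sketch; the sample input is constructed from lines of the quoted trace.

```python
import re

# Constructed sample, shaped like the Remote Loader trace quoted above
# (mail-quote markers and hard line wraps kept on purpose).
SAMPLE_TRACE = """\
> DirXML: [07/02/12 02:32:16.02]: Loader: Connected.
> DirXML: [07/02/12 02:32:16.61]: ADDriver: Connect using ldap_bind:
> user=CN=ADDriver_idm,CN=Users,DC=idm,DC=com, domain=, password=***,
> method=negotiate, server=192.168.100.1, sign=no, seal=no ssl=no
> <status level="error" type="driver-general">
> <message>unable to authenticate to Active Directory</message>
> <ldap-err ldap-rc="82" ldap-rc-name="LDAP_LOCAL_ERROR">
> <client-err ldap-rc="-2146893052"/>
> </ldap-err>
> </status>
> DirXML: [07/02/12 02:32:16.94]: Loader: Waiting for DirXML to connect
> on 'TCP server socket, port 8090, address 192.168.100.81'...
"""

# Unsigned 32-bit client error -> Windows SSPI status name (winerror.h).
SSPI_NAMES = {0x80090304: "SEC_E_INTERNAL_ERROR"}


def triage(trace: str) -> dict:
    """Summarise connection state, bind options and shim errors in a trace."""
    # Strip "> " quote markers and re-join wrapped lines so patterns can span them.
    text = " ".join(re.sub(r"^>\s?", "", ln).strip() for ln in trace.splitlines())
    # Assumption: "Loader: Connected." marks the engine reaching the loader.
    report = {"engine_connected": "Loader: Connected." in text,
              "listener": None, "bind": {}, "unprotected_ldap": False, "errors": []}

    m = re.search(r"Waiting for DirXML to connect on '[^']*port (\d+), address ([\d.]+)'", text)
    if m:
        report["listener"] = (m.group(2), int(m.group(1)))

    m = re.search(r"Connect using ldap_bind:.*?ssl=\w+", text)
    if m:
        bind = dict(re.findall(r"\b(method|server|sign|seal|ssl)=([\w.]+)", m.group(0)))
        report["bind"] = bind
        # No signing, no sealing and no SSL means the LDAP session is unprotected.
        report["unprotected_ldap"] = all(bind.get(k) == "no" for k in ("sign", "seal", "ssl"))

    for level, body in re.findall(r'<status level="(error|fatal)"[^>/]*>(.*?)</status>', text):
        err = {"level": level}
        msg = re.search(r"<message>(.*?)</message>", body)
        rc = re.search(r'<ldap-err ldap-rc="(-?\d+)"(?: ldap-rc-name="(\w+)")?', body)
        cli = re.search(r'<client-err ldap-rc="(-?\d+)"', body)
        if msg:
            err["message"] = msg.group(1)
        if rc:
            err["ldap_rc"], err["ldap_rc_name"] = int(rc.group(1)), rc.group(2)
        if cli:
            # The trace prints the status code as a signed int; show it as unsigned hex.
            code = int(cli.group(1)) & 0xFFFFFFFF
            err["client_err_hex"] = f"0x{code:08X}"
            err["client_err_name"] = SSPI_NAMES.get(code, "unknown")
        report["errors"].append(err)
    return report


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE_TRACE))
```
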