When adding a "provisioning role" to an Identity manager user an error similar to the one below is recorded in the 'server.log'.  Even though a failure is recorded the provisioning role appears to be added successfully.

ERROR [im.provisioning] (Thread-369 (HornetQ-client-global-threads-459619755)) javax.naming.NamingException: [LDAP: error code 1 - :ETA_E_0071<SGU>, Global User '<USER>r' synchronization for additions with existing provisioning roles failed: (accounts created: 1, updated: 0, re-created: 0, failures: 1) ]; remaining name 'eTGlobalUserName=<USER>,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta' 

The error recorded in the 'server.log' only records the headline error, more details can be found in the provisioning logs ('etatrans<date>-<number>.log').

For example:

In this scenario the synchronization involves two endpoints, an Active Directory and SalesForce endpoint.  As indicated in the error message below, one fails and the other succeeds. 

2019-05-10 14:16:32,832 ERROR [im.provisioning] (Thread-369 (HornetQ-client-global-threads-459619755)) javax.naming.NamingException: [LDAP: error code 1 - :ETA_E_0071<SGU>, Global User '<USER>' synchronization for additions with existing provisioning roles failed: (accounts created: 1, updated: 0, re-created: 0, failures: 1) ]; remaining name 'eTGlobalUserName=<USER>,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta' 

The failure comes in the Active Directory component. The user cannot be added as the account already exists. 

20190510:141630:TID=cd3b70:Add :S960:C957:F: FAILURE: Connector Server Add (eTADSAccountName=<USER>, Another) 
20190510:141630:TID=cd3b70:Add :S960:C957:F: rc: 0x0013 (Constraint violation) 
20190510:141630:TID=cd3b70:Add :S960:C957:F: msg: Connector Server Add failed: code 19 (CONSTRAINT_VIOLATION): failed to a 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+dd entry eTADSAccountName=User, Another,eTADSOrgUnitName=TEST IAM,eTADSOrgUnitNa 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+me=POLICY,eTADSOrgUnitName=USERS,eTADSOrgUnitName=<ORG>,eTADSDirectoryName=AD En 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+dpoint,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa: JCS@<JCSHOSTNAME>: JNDI: [LD 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+AP: error code 19 - Constraint Violation - Probable Cause: Duplicate account name 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+]: failed to add eTADSAccountName=<USER>, Another,eTADSOrgUnitName=TEST IAM,eTADSO 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+rgUnitName=POLICY,eTADSOrgUnitName=USERS,eTADSOrgUnitName=<ORG>,eTADSDirectoryNa 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+me=AD Endpoint,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa (ldaps://192.0.2. 
20190510:141630:TID=cd3b70:Add :S960:C957:F:+255:20411) 

The addition of the Role "ROLE_OPERATIONS_EMPLOYEE" is successful. 

20190510:141632:TID=cd3b70:CreateAcct:C966:C964:F: SUCCESS: Child CreateAcct (eTDYNDirectoryName=<directory_name>) 
20190510:141632:TID=cd3b70:CreateAcct:C966:C964:F: msg: :ETA_S_0015<AAC>, Account for Global User '<USER>' on Endpoint '<endpoint_ 
20190510:141632:TID=cd3b70:CreateAcct:C966:C964:F:+name> created successfully 
20190510:141632:TID=cd3b70:Add :C964:E845:F: SUCCESS: Child Add (eTInclusionID=1) 
20190510:141632:TID=cd3b70:Add :C964:E845:F: msg: :ETA_S_0031<SPO>, Account(s) derived from User '<[email protected]>' 
20190510:141632:TID=cd3b70:Add :C964:E845:F:+and Account Template 'ROLE_OPERATIONS_EMPLOYEE' creation or upd 
20190510:141632:TID=cd3b70:Add :C964:E845:F:+ate successful: (accounts created: 1, updated: 0, re-created: 0, failures: 0)sful: (accounts created: 1, updated: 0, re-created: 0, failures: 0)