Exchange Detection failed when AD Endpoint is configured with SASL security
Article ID: 185852
Updated On:
Products
CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite
Issue/Introduction
An AD/Exchange Endpoint configured with SASL security, with Kerberos authentication set up on the CCS machine, fails to identify and acquire Exchange attributes when the User ID is specified in 'domain\username' notation.
If you launch Provisioning Manager and open the Endpoint's properties, the *Home MTA* and *Exchange Gateway Server* fields under the *Exchange General* tab are grayed out.
The following warning/error messages are shown in the AD Endpoint log.
This is a known issue that is recorded in DE4470045.
Resolution
At the time this article was written, the following production fix is available to address this issue: HF-DE447045-DE447715-DE447532.zip. Please raise a Support ticket and request the fix.
This hot fix is for CCS, i.e. the external Connector Server on Windows. It replaces E2KPS.dll and W2KNamespace.dll in the CCS bin directory.
This hot fix can also be applied on top of a CCS installed from the External Connector installation downloaded from the vApp with IM 14.3 CP1.
After applying the fix, run the following ldapsearch command so that an existing AD/Exchange Endpoint detects Exchange.
ldapsearch -LLL -h <Provisioning Server hostname> -p 20389 -D "eTGlobalUserName=<admin global user name>,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -W -b "eTADSDirectoryName=<Endpoint name>,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=eTADSDirectory)" eTADSexchangeStores eTExploreUpdateEtrust
Notes: Replace the placeholders as follows:
<Provisioning Server hostname> with the Provisioning Server hostname
<admin global user name> with the Provisioning Server Admin user (by default it is etaadmin)
<Endpoint name> with the affected Endpoint name
Currently, this issue is planned to be addressed in IM 14.3 CP2.