In an Exchange 2007 or Exchange 2010 environment, the managed Active Directory endpoint acquired by Identity Manager is usually different to the Active Directory endpoints which service the Exchange 2007/2010 servers. The Active Directory intra-site or inter-site replication latency could introduce a timing problem and result in intermittent mailbox creation failures.

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to create back up of the registry and ensure that you understand how to restore the registry if a problem may occur. For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base articles on support.microsoft.com.

To address the problem, there are 2 timeout settings which can be adjusted:

• The maximum timeout period which the Remote Agent will continue to try and read new Active Directory accounts.
  
  
• The maximum timeout period the Connector Server waits to confirm a new mailbox existence.

To configure Exchange 2007 and Exchange 2010 timeout settings:

1. On Remote Agent installations, set the value on the following Windows registry key:
   
   HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\Identity Manager
   
              DWORD Value: Ex2k7AgentTimeout
              Defines the maximum timeout period the Remote Agent continues to try to read new Active Directory accounts during replication.
              The value required for inter-site replication depends on the replication topology settings.
   
   
2. On computers running the CA Identity Manager Connector Server (C++) service, set the following Windows system environment variable:
   
              ADS_CONFIRM_MAILBOX
              Specifies the maximum timeout period the Connector Server waits to confirm mailbox existence.
              The value required for inter-site replication will depend on replication topology settings.