QMM LDAP error 0x35. Unwilling To Perform user migration

While doing user migration for a particular domain, we are getting the below error:

LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0 ).

We have checked that the accounts meet password complexity.

Tried resetting passwords in both target and source domain to be the same, but it still fails.

  • There is normally a little more info, i.e. the attribute LDAP was unwilling to write. Can you supply that?

  • This is the only error we see:

    user LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0).
  • Look at the DSA.Log and find the error. Then look at the lines above that error and see what the DSA was doing. 

    Since you talked about passwords. Password history can cause this. 

  • What is DSA.log? Active Directory logs, you mean?

  • DSA - Directory Synchronization Agent. Used by Migration sessions or when running Directory Synchronization.

    Consists of 6 services, all on computer where DSA is installed:
    Quest Directory Synchronization Agent Activation Service
    Quest Directory Synchronization Agent ADProxy Service
    Quest Directory Synchronization Agent Configurator Service
    Quest Directory Synchronization Agent Controller Service
    Quest Directory Synchronization Agent Link Resolving Service
    Quest Directory Synchronization Agent Log Service
     
    Log files:
    Quest DSA (SERVER_NAME) Log available via Event Viewer
    %ProgramFiles%\Quest Software\Migration Manager\DSA\CONFIGS
    DSA.log and LinkResolver.log (DSA.log grows very rapidly, both are archived as .gz files under LogArchive folder)
    Application Log on DSA machine and Domain Controller
    Dump files - %ProgramFiles%\Quest Software\Migration Manager\DSA\Dump
  • Hi, I don't see any error in DSA.log.

  • So you don't see any errors? Not even "LDAP error 0x35. Unwilling To Perform"? Because it was logged in the DSA.log before it was presented to you in the session log. That tells me you are looking at the wrong log or wrong time range. 

    What you want to see is what was going on before the LDAP error 0x35. Unwilling To Perform error is written. You might need to increase the log level to get more details.

    You might want to open a support case. 

  • Here is the error:

       Common AcAdTaskHandler         Object search scope: Subtree

         Common AcAdTaskHandler         Setting path for modifyTimeStamp control: subschemaSubentry = CN=Aggregate,CN=Schema,CN=Configuration,DC=ds,DC=xyz,DC=com

         Common AcAdTaskHandler         Search engine was directed to domain partition

         Common AcAdTaskHandler         Checking schema for modifications

         Common AcAdTaskHandler         No schema changes detected

         Common AcAdTaskHandler     Starting LDAP asynchronous page search: DN = CN=Schema,CN=Configuration,DC=ds,DC=xyz,DC=com

         Common AcAdTaskHandler         Search filter: (&(lDAPDisplayName=msExchBaseClass)(objectClass=classSchema))

         Common AcAdTaskHandler         Attributes to be requested: lDAPDisplayName  

         Common AcAdTaskHandler         Page size: 1

         Common AcAdTaskHandler         Object search scope: One level

     Activation AcAdSwitches     Account Switch, enabling target object DEA7A0CBEAF1F2409F7F85771B308402

         Common AcAdSwitches LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0).

     Activation AcAdTaskHandler         ended dispatching objects

     Activation AcService Objects have been dispatched, task ID: 002DBB6AA9955E418238DD12C2EB0FD1, objects count: 1

     Activation AcService Queue has been processed

     Activation AcService Waiting for events

    Common JobID:0 -> Activation Message Queue is empty.

    Source JobID:0 ->         Recovering messages from dead-letter queue.

    Target JobID:0 ->     Handler ActivationHandler finished with 1 objects. Time = 2.033742 sec.

    Target JobID:0 ->     Handler PartialSync started with 1 objects

    Target JobID:0 -> Starting Partial Sync handler

    Target JobID:0 ->     Object = LDAP://xyz.com/.local/CN=xyz\, abc,OU=SHA,OU=Users,OU=xyz,DC=com

    Target JobID:0 -> Finishing Partial Sync handler

  • enabling target object

    So AD is unwilling to enable the object, so figure out why. I will bet you can’t manually enable the object in question either.

  • I have tried manually enabling it, but AD disables it again.
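
The troubleshooting step described in the thread (find the LDAP error in DSA.log, then read what was logged just before it) can be scripted; the sketch below is an added example, not part of the original discussion and not Quest code. It also decodes the leading hex field of the Active Directory extended error text, which is a Win32 error code; the names `find_ldap_errors` and `WIN32_NAMES` are hypothetical and the sample log is constructed from the lines posted above.

```python
import re

# Constructed sample modelled on the DSA.log excerpt in the thread; the error
# record is deliberately wrapped before its closing ")" to show that case.
SAMPLE_LOG = """\
 Common AcAdTaskHandler         Object search scope: One level
 Activation AcAdSwitches     Account Switch, enabling target object DEA7A0CBEAF1F2409F7F85771B308402
     Common AcAdSwitches LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0

).
 Activation AcAdTaskHandler         ended dispatching objects
"""

# Win32 codes that AD reports in the leading hex field of the extended error.
WIN32_NAMES = {
    0x5: "ERROR_ACCESS_DENIED",
    0x52D: "ERROR_PASSWORD_RESTRICTION",  # length, complexity or history policy
}

# The closing ")" is not required, so a wrapped record still matches.
ERROR_RE = re.compile(
    r"LDAP error (?P<ldap>0x[0-9A-Fa-f]+)\.\s*(?P<text>[^(]+?)\s*"
    r"\((?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\), data (?P<data>-?\d+)"
)

def find_ldap_errors(log_text, context=1):
    """Return one dict per LDAP error, with the non-blank lines logged just before it."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    results = []
    for i, line in enumerate(lines):
        m = ERROR_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        code = int(rec["win32"], 16)
        rec["ldap"] = int(rec["ldap"], 16)
        rec["win32"] = code
        rec["win32_name"] = WIN32_NAMES.get(code, "unknown, try: net helpmsg %d" % code)
        rec["preceding"] = lines[max(0, i - context):i]  # what the agent was doing
        results.append(rec)
    return results

if __name__ == "__main__":
    for err in find_ldap_errors(SAMPLE_LOG):
        print("before error:", err["preceding"])
        print("LDAP", err["ldap"], err["text"], "| Win32", err["win32"], err["win32_name"])
```

On the sample, the extended code 0000052D decodes to Win32 error 1325, and the preceding line shows the operation was the account switch that enables the target object.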