Issue Description:
Active Directory Provisioning along with Exchange attributes failing with below error message.
Errors returned from IQService. Connecting to remote server win-g303o4860qk.enhcorp.com failed with the following error message: The username or password is incorrect. For more information, see the about_Remote_Troubleshooting Help topic.
Troubleshooting steps:
- Verified the User/Password details by logging in to the Domain controller as Domain Admin (the user which was used in Active Directory Application Configuration)
- Verified and restarted Exchange services which were failed to start by default.
- Enabled logging for AD Connector and observed the below messages.
- 2018-08-31 02:07:09,515 DEBUG Workflow Event Thread 1 sailpoint.connector.ADLDAPConnector:3503 – 1239254649 Entering handleObjectRequest2018-08-31 02:07:10,796 ERROR Workflow Event Thread 1 sailpoint.connector.ADLDAPConnector:3380 – 1239254649 Exception occurred in handling Object Request.sailpoint.tools.GeneralException: Errors returned from IQService. Connecting to remote server win-g303o4860qk.enhcorp.com failed with the following error message: The username or password is incorrect. For more information, see the about_Remote_Troubleshooting Help topic.
- Launched Exchange Management Shell and observed below error messages
- VERBOSE: Connecting to WIN-G303O4860QK.enhcorp.com.New-PSSession : [win-g303o4860qk.enhcorp.com] Connecting to remote server win-g303o4860qk.enhcorp.com failed with the following error message: WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits accesses to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.At line:1 char:1
+ New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
- VERBOSE: Connecting to WIN-G303O4860QK.enhcorp.com.New-PSSession : [win-g303o4860qk.enhcorp.com] Connecting to remote server win-g303o4860qk.enhcorp.com failed with the following error message: WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits accesses to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.At line:1 char:1
Resolution:
Active Directory-Direct connector reads Exchange Server attributes by connecting to the Active Directory.
But, for provisioning any Exchange attributes, connector needs access to remote Powershell via IQService.
Windows Remote Management (WinRM) is a feature of Windows that allows
administrators to remotely run management scripts. WinRM Service should be running and that
should also be set up for Remote Management using the Enable-PSRemoting -force.
Enable PowerShell remoting in the domain using below cmdlet in Exchange Management Shell.
>Enable-PSRemoting -Force
