Internal error in COM access layer: number: 8007202F: AD Update failing

Hi,

We are getting, for an unknown reason, on some accounts the error

COM access layer: number: 8007202F:

when we are switching from Unmanaged to Full manage and changing a few AD attributes. The changes went through for some without an issue. We see in AD that some values were pushed to AD even though the update process got frozen; in one account we see that the manager was not updated, but the same manager was updated fine for another account. The AD specialist does not see any differences between the accounts that went through successfully and those that did not. The strange thing is that when we change some random attribute in the ADAccount table and save it, it initiates a new Update process to the AD, and it goes through successfully.

Any idea what can be wrong, what to check?

We are on version 9.1.1.

Thank you

  • I would suggest working with your Active Directory team to find out if they have placed any special constraints or restrictions on the Active Directory data values. Usually for this type of issue, I would suggest performing a network capture via a packet sniffer such as Wireshark to see what Active Directory is returning. Also monitoring the Event Viewer while reproducing the issue can help to isolate the issue.

  • Check that the user connecting to AD in your sync project has enough permissions. Also, if the AD accounts are privileged, permissions inheritance is reset by AD (there's no way to change this) every 10 or 15 minutes. And also check there are no password restrictions on your AD such as password reuse or the like that could keep the object from being updated.

  • Hi Tomas,

    Searching for a problem in a 9.1.1 version is a waste of time if no obvious AD problems can be found. The last released service pack (9.1.3) has been in limited support since October 1st this year. If possible, you should update your One IM software, at least to 9.1.3 or, better, to 9.3. There have been many fixes and changes since 2023, so it makes no sense to look for a single issue.

    Regards, 

       Tino

  • When you look at the AdHoc Patch, have you confirmed what is changing in total?

    8007202F is a constraint violation. Does your OneID password policy match the AD one, so that initial passwords for creation meet the requirements? It could also be another attribute, so back to the Patch to try and determine which attribute is failing for those users, then you can work with the AD Team to sort rights.

    Also, don't forget that some things will go via RPC as opposed to LDAP/ADSI. While LDAP/ADSI uses the Sync account, the RPC uses the account that runs the Job Service.
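
Added example, not part of the thread and not One Identity code: a Python sketch that decodes the `8007202F` HRESULT and pulls the failing attribute out of the diagnostic text a domain controller attaches to a rejected LDAP modify, which is what the packet capture and "which attribute is failing" advice above are after. The sample messages, their DSID and `Att` numbers, and the function names are constructed for illustration.

```python
import re

FACILITY_WIN32 = 7
# Win32 codes relevant to this thread (values from winerror.h).
WIN32_NAMES = {
    0x202F: "ERROR_DS_CONSTRAINT_VIOLATION",
    0x052D: "ERROR_PASSWORD_RESTRICTION",
}

def win32_from_hresult(text):
    """Return the Win32 code wrapped in a failing FACILITY_WIN32 HRESULT, else None."""
    h = int(text, 16)
    if h >> 31 and (h >> 16) & 0x7FF == FACILITY_WIN32:
        return h & 0xFFFF
    return None

HEAD = re.compile(r"^(?P<code>[0-9A-Fa-f]{8}): (?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+)")
PROBLEM = re.compile(r"problem (?P<num>\d+) \((?P<name>\w+)\), data (?P<data>-?\d+)"
                     r"(?:, Att (?P<att>[0-9A-Fa-f]+) \((?P<ldap>[^)]+)\))?")

def parse_diagnostic(msg):
    """Parse an AD LDAP diagnostic message; None if it is not in that shape."""
    head = HEAD.match(msg.strip("\x00 \r\n"))
    if not head:
        return None
    code = int(head["code"], 16)
    problems = [{"problem": m["name"], "attribute": m["ldap"]}
                for m in PROBLEM.finditer(msg)]
    return {"win32": code, "name": WIN32_NAMES.get(code, "unknown"),
            "kind": head["kind"], "dsid": head["dsid"], "problems": problems}

def failing_attributes(messages, hresult):
    """Attributes named by messages whose code matches the HRESULT's Win32 code."""
    want = win32_from_hresult(hresult)
    hits = []
    for msg in messages:
        parsed = parse_diagnostic(msg)
        if parsed and parsed["win32"] == want:
            hits += [p["attribute"] for p in parsed["problems"] if p["attribute"]]
    return hits

# Constructed samples: DSID and Att numbers are placeholders, not captured data.
SAMPLES = [
    "0000202F: AtrErr: DSID-03050000, #1:\n\t0: 0000202F: DSID-03050000, "
    "problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 0 (manager)\n\x00",
    "0000052D: SvcErr: DSID-031A0000, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00",
]

if __name__ == "__main__":
    print(WIN32_NAMES[win32_from_hresult("8007202F")], failing_attributes(SAMPLES, "8007202F"))
```

An `AtrErr` message names the rejected attribute directly, while a `SvcErr` such as the password-restriction sample carries no attribute and has to be read from its code alone.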