During the directory synchronization LDAP 0x35 error messages could be present in the dsa.log file, similar to the following:
08.10.2008 16:10:32 (GMT+01:00) Common JobID:0 -> LDAP error 0x35. Unwilling To Perform (00002108: LdapErr: DSID-0C0907FA, comment: Error processing control, data 0, vece).
There are various causes for LDAP errors, in order to find out a specific cause, look up the additional information code in MSDN under "Win32 Error Codes":
http://msdn.microsoft.com/en-us/library/cc231199.aspx
In order to resolve the problem, please look up the corresponding error code in MSDN article and take appropriate action, most of the time the error would be environment related or obvious from the MSDN description. The error code to look for is the hexadecimal number following Unwilling To Perform words, in the example above the it is 00002108 or 0x00002108
According to MSDN, 0x00002108 is ERROR_DS_DRA_SOURCE_DISABLED, description is "The source server is currently rejecting replication requests" meaning that there is a replication problem with one of the Domain Controllers the directory synchronization is communicating with
Other codes previously seen were:
LDAP error 0x35. Unwilling To Perform (00000467: LdapErr: DSID-0C0907FA, comment: Error processing control, data 0, vece)
0x00000467ERROR_DISK_OPERATION_FAILED "While accessing the hard disk, a disk operation failed even after retries"
LDAP error 0x35. Unwilling To Perform (00002103: LdapErr: DSID-0C0907FA, comment: Error processing control, data 0, vece).
0x00002103 ERROR_DS_DRA_DB_ERROR "The replication operation encountered a database error"
LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0).
0x0000052D ERROR_PASSWORD_RESTRICTION "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password
please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL30430
LDAP error 0x35. Unwilling To Perform (00002185: SvcErr: DSID-031B0E21, problem 5003 (WILL_NOT_PERFORM), data -1946157056)
0x00002183 ERROR_DS_MODIFYDN_DISALLOWED_BY_ INSTANCE_TYPE "Rename or move operations on naming context heads or read-only objects are not allowed"
LDAP error 0x35.Unwilling To Perform (00002145: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0).
0x00002145 ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_ MEMBER "A global group cannot have a universal group as a member" - could be caused by skipping grouptype attribute, this is not recommended, synchronized group scope should be same between source and target domains.
LDAP error 0x35. Unwilling to Perform (00002165 SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0).
0x00002165 ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS "Foreign security principals cannot be members of universal groups." - Could be caused by a Migration session migrating Universal groups or objects with membership in a universal group when the following checkbox is ticked: "Add source members to the corresponding target groups".
LDAP error 0x35. Unwilling To Perform (00002077: SvcErr: DSID-031903AF, problem 5003 (WILL_NOT_PERFORM), data 0).
0x00002077 ERROR_DS_ILLEGAL_MOD_OPERATION "Illegal modify operation. Some aspect of the modification is not permitted." - most often caused by DSA trying to modify msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership and msDS-Site-Affinity attributes, you can safely skip those
please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL15649
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center