Forums » Interstage BPM Knowledgebase Articles

• C.Y. Chen

  

  • 33 posts
   

  July 23, 2012 9:16:27 AM PDT

  Goal: Fails to Update User Profile to Enable Email Notification

   

  Fact: Interstage BPM (Business Process Manager) v7.4 AE (Advanced Edition)

   

  Fact: Microsoft Active Directory

   

  Fact: Interstage BPM Directory Adapter

   

  Symptom:

  Error updating profile for user "username".

   

  Could not update the user property list. (Error unmarshalling return; nested exception is:

  java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: com.sun.jndi.ldap.l.dapCtx)

   

  Fix:
  The symptom above only happens to Interstage BPM version 7.4 or prior when Microsoft Active Directory is used as the directory service.
  
  

  Additional access rights need to be granted to all BPM users residing in AD. Follow the following tech note to grant the permissions. 

  http://technet.microsoft.com/en-us/library/bb885050(v=exchg.80).aspx
  
  
  Excerpt as shown below:
  
  Cause
  

  This exception may occur if the Allow inheritable permissions check box is not selected on the user object or on the OU container in Active Directory Users and Computers.

  You should also verify that the Exchange Servers group appears on the Security tab of the top-level domain container. This security group is required on the top-level container and must be propagated to each organizational unit that includes users before users can successfully log on to Outlook Web Access.

  Before You Begin

  ---

  To perform this procedure, the account you use must be delegated membership in the Domain Administrators group.

  For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

  Procedure

  ---

  To use Active Directory Users and Computers to set permissions for users and organizational units

  ---

  1. Open the Active Directory Users and Computers snap-in.

  2. On the View menu, click Advanced Features.

  3. Open the properties of a user who cannot log on to Outlook Web Access.

  4. Click the Security tab, and then click Advanced.

  5. Select the Allow inheritable permissions check box if it has not already been selected.

  6. Repeat steps 3 through 5 for each organizational unit between the user object and the top-level container.

  7. Allow time for replication to occur.

  To use Active Directory Users and Computers to set permissions for the top-level container

  ---

  1. Open the Active Directory Users and Computers snap-in.

  2. On the View menu, click Advanced Features.

  3. Open the properties of the top-level container in the domain of the users who cannot log on.

  4. Click the Security tab.

  5. Verify that the Exchange Servers group appears in the Group or user names list. Add this group if it does not appear in the list. You do not have to set permissions for the Exchange Servers group.
     
     
     Note:
     Also refer to KB article How to Resolve the Error of Updating User Profile to Active Directory 

  Author: C.Y. Chen
  Attachment: