'Org Administration Locked' error

This occurs when a similar setup change that affects a large number of records is still being processed. In order to maintain data integrity, the relevant setup area is locked until the change is complete. Sharing changes will only lock sharing setup and custom field/object changes will only lock custom field/object setup.

Please note that this is not an error message. This functionality is by design and is in place to ensure data integrity. If you receive this message while attempting to make a setup change, please wait a few minutes and try again. As soon as the process that triggered the lock completes, the relevant setup area will be unlocked.

SHARING
- Changes to the Role Hierarchy
- Changes to the Sharing Model
- Mass reassignment of Account/Sales Teams
- Role create/edit/change
- Territory create/edit/change
- User create/edit/change

CUSTOM FIELDS/OBJECTS

- Any create/update/delete of custom fields or custom objects, including replacing picklist values or simple changes such as editing a custom object description.

METADATA CHANGES/DEPLOYMENTS:

1. Admin changes from the UI can create an Org Lock

2. ANT deployments can create an Org Lock

3. A Terminated ANT deployment, does not imply the process is terminated immediately on the server, hence an org lock continues

4. A Timeout ANT deployment just means that the ANT(client) side timeout waiting for the process to complete, does not imply the process is terminated immediately on the server, hence an org lock continues until complete or recovered. To avoid this you may need to adjust the timings in your build.xml file.

5. A heap error could occur with ANT during deployment, this also does not imply the process is terminated immediately on the server, hence an org lock continues until complete or recovered. To avoid this you may need to adjust Java/ANT heap setting in your environment

6. Simultaneous ANT deployments by different individuals can be blocked out due to org locks

7. If the user is on a network that employs a Reverse Proxy or some method of network traffic control (e.g. WebSense), clicking the 'Run Tests' button on the class list view page or clicking the Deploy button on a Change Set page may be making a second post to the page.  Create an exception on the network to allow direct traffic to Salesforce to see if it resolves the issue.
 

Change management, change control and scheduling procedures are essential when making administrative changes as a team.

An Org lock is created to protect the Org from data and metadata integrity issues. There are NO options to remove/delete the org lock.

The duration of the Org lock varies based on the Administrative activity in progress, and is not measurable. The duration depends on multiple factors, object/feature, security controls, table sizes, essentially scope and impact of the changes in progress.

Logging a case with Salesforce support for an Org lock is not necessary, unless the lock exceeds 3hrs or is significantly  impacting a critical project. When logging a case, please include the Org with the problem, username with the problem, Logs including Salesforce debug logs & ANT logs, and most importantly the ANT package that caused the problem, and lastly the Setup audit Trail.

To find out what action triggered the organization lock, users can check the "Setup -> View Setup Audit Trail" to view recent actions that meet the criteria outlined above.