Silly question, did the roles or access actually get provisioned in the target system? Also check SLG1 and see what information is available in regards to the provisioning.
if nothing has actually happened then your rfc user may have missing authorisations to complete the provisioning task. If not, the you could well have a bug. Let us know what support pack level you are on.
also try %provisioning_without_password% variable and see if the same issue gets replicated.