RE: Password migration error
From: William Wang[MSFT] (v-rxwang_at_online.microsoft.com)
Date: 03/26/04
Date: Fri, 26 Mar 2004 09:00:16 GMT
Hi,
Thanks for your posting. This error may be caused by one of the following
configuration problems:
- The Password Export Server has not been configured with the Password
Migration DLL and an encryption key for the target server.
-or-
- The encryption key was created and installed, but ADMT is running on a
different computer than the computer that created the encryption key.
Password Migration encryption keys are valid per-computer instead of
per-domain.
Please follow these steps:
Part I: Target Domain
---------------------
Complete the following steps on the domain controller in the target domain
on which you installed ADMT:
1. Insert a 3.5-inch disk into the floppy disk drive.
2. Open a command prompt, and then change to the directory in which you
installed ADMT. By default, this is the %SystemRoot%\Program Files\ folder.
3. Type the following command to create the encryption key to be used
during the migration of the user account passwords:
"admt key <SourceDomainName> <FloppyDrive> [*/password]" (without the
quotation marks) where:
- The admt command is the name of the executable program.
- The key command specifies the generation of an encryption key.
- <SourceDomainName> is the NetBIOS name of the domain that contains the
passwords that you want to migrate.
- <FloppyDrive> is the drive letter of the floppy disk drive where the
encryption key will be written, such as:
A
-or-
A:
- [*/password] is optional; if you use it, you can encrypt the key with a
password. You can either type the password or you can type
"*" (without the quotation marks)
to receive a prompt for a password that is not displayed on the screen. If
you type a password, you need to use it when you complete the setup in the
source domain.
NOTE: For security reasons, providing a password is recommended.
Part II: Source Domain
----------------------
Complete the following steps on the PES in the source domain:
1. Double-click the Pwdmig.exe file. Pwdmig.exe is located in the I386\ADMT
folder on the Windows Server 2003 installation media, or the folder to
which you downloaded ADMTv2 from the Internet.
2. Insert the 3.5-inch disk that you created when you receive the
following message:
Please insert the floppy into the floppy disk containing the password
encryption key for this source domain. Click OK to continue.
3. Type the password when you are prompted, and then click OK.
4. Click Next.
5. Click Finish.
6. Click Start, click Run, type regedit, and then click OK.
7. Locate the AllowPasswordExport registry value in the following registry
key:
HKLM\System\CurrentControlSet\Control\LSA
8. Double-click AllowPasswordExport.
9. Change the value "0" to "1", and then click OK.
10. Restart the computer for the settings to take effect.
For more information please refer to the following article:
326480 How to Use Active Directory Migration Tool Version 2 to Migrate from
http://support.microsoft.com/?id=326480
Sincerely,
William Wang
Microsoft Online Support Engineer
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "TTurpen" <tturpen@concerto.com>
>Subject: Password migration error
>Date: Thu, 25 Mar 2004 16:52:45 -0500
>Lines: 21
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>Message-ID: <eXWxCOrEEHA.1456@TK2MSFTNGP09.phx.gbl>
>Newsgroups: microsoft.public.windows.server.migration
>NNTP-Posting-Host: six.concerto.com 4.21.167.133
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.migration:9174
>X-Tomcat-NG: microsoft.public.windows.server.migration
>
>
>Running ADMT V 2.0 and migrating from W2K domain to W2K domain intraforest.
>After setting up the PES server in the source domain using a key generated
>on the target domain the following error occurs:
>
>ERR2:0080 Unable to migrate users. Unable to establish a session with the
>password export server. The source password export server and the target
>server do not have the same encryption key for the source domain.
>(0x80040206)
>
>The PES server is the PDC emulator and FSMO role holder. Is this a problem?
>
>I have not been able to find any information on this error.
>
>Any help would be appreciated.
>
>Thank you,
>
>Tom
>
>
>
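
The registry change in steps 6 to 10 of Part II can be audited from PowerShell on the PES; the script below is an added example, not part of the original posts or of ADMT. The function names are hypothetical, and switching the value back to 0 once the migration is finished is an assumption of this example, not a step from the reply.

```powershell
# Added example (not from the original post). Run in an elevated session on the PES.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'   # key named in step 7
$ValueName = 'AllowPasswordExport'                          # value named in step 8

function Get-PasswordExportState {
    # Read the value without throwing when it does not exist.
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value  = $null
        $status = 'Missing: PES setup (Pwdmig.exe) has not created the value on this computer'
    }
    else {
        $value  = [int]$item.$ValueName
        $status = switch ($value) {
            0       { 'Disabled: password export is not allowed' }
            1       { 'Enabled: password export is allowed (needs the restart from step 10)' }
            default { "Unexpected data '$value': review manually" }
        }
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $value
        Status   = $status
    }
}

function Disable-PasswordExport {
    # Assumption of this example: export is switched back off once migration is done.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $state = Get-PasswordExportState
    if ($state.Value -eq 1 -and $PSCmdlet.ShouldProcess("$LsaKey\$ValueName", 'Set to 0')) {
        Set-ItemProperty -Path $LsaKey -Name $ValueName -Value 0
        Write-Warning 'Value set to 0; restart the computer for the setting to take effect.'
    }
    Get-PasswordExportState   # report the state after the change (or the unchanged state)
}

Get-PasswordExportState            # audit only, changes nothing
# Disable-PasswordExport -WhatIf   # preview the reset; drop -WhatIf to apply it
```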