Re: Password migration error

From: TTurpen (tturpen_at_concerto.com)
Date: 03/26/04 

Date: Fri, 26 Mar 2004 14:04:22 -0500

Thank you for your reply and instructions.

We had originally created the key on the server running ADMT. This was then
used on the target domian DC to install the password DLL.

We generated a new key, uninstalled the pwdmig from the source DC, and then
re-installed the pwdmig on the source DC with the new key. Interestingly
after setting the reg key to "1" it was set back to "0" after the reboot. We
had to set the reg key back to "1" again after the reboot.
Password export now works for us.

Tom

"William Wang[MSFT]" <v-rxwang@online.microsoft.com> wrote in message
news:7DpUJDxEEHA.2224@cpmsftngxa06.phx.gbl...
> Hi,
>
> Thanks for your posting. This error may be caused by one of the following
> configuration problems:
>
> - The Password Export Server has not been configured with the Password
> Migration DLL and an encryption key for the target server.
>
> -or-
>
> - The encryption key was created and installed, but ADMT is running on a
> different computer than the computer that created the encryption key.
> Password Migration encryption keys are valid per-computer instead of
> per-domain.
>
> Please follow these steps:
>
> Part I: Target Domain
> ---------------------
>
> Complete the following steps on the domain controller in the target domain
> on which you installed ADMT:
>
> 1. Insert a 3.5-inch disk into the floppy disk.
>
> 2. Open a command prompt, and then change to the directory on which you
> installed ADMT. By default, this is the %SystemRoot%\Program Files\
folder.
>
> 3. Type the following command to create the encryption key to be used
> during the migration of the user account passwords
>
> "admt key <SourceDomainName><FloppyDrive> [*/password] " (without the
> quotation marks) where:
>
> - The admt command is the name of the executable program.
>
> - The key command specifies the generation of an encryption key.
>
> - <SourceDomainName> is the NetBIOS name of the domain that contains the
> passwords that you want to migrate.
>
> - <FloppyDrive> is the drive letter of the floppy disk drive where the
> encryption key will be written, such as:
>
> A
>
> -or-
>
> A:
>
> - [*/password] is optional; if you use it, you can encrypt the key with a
> password. You can either type the password or you can type
>
> "*" (without the quotation marks)
>
> to receive a prompt for a password that is not displayed on the screen. If
> you type a password, you need to use it when you complete the setup in the
> source domain.
>
> NOTE: For security reasons, providing a password is recommended.
>
> Part II: Source Domain
> ----------------------
>
> Complete the following steps on the PES in the source domain:
>
> 1. Double-click the Pwdmig.exe file. Pwmig.exe is located in the I386\ADMT
> folder on the Windows Server 2003 installation media, or the folder to
> which you downloaded ADMTv2 from the Internet.
>
> 2. Insert the the 3.5-inch disk that you created when you receive the
> following message:
>
> Please insert the floppy into the floppy disk containing the password
> encryption key for this source domain. Click OK to continue.
>
> 3. Type the password when you are prompted, and then click OK.
>
> 4. Click Next.
>
> 5. Click Finish.
>
> 6. Click Start, click Run, type regedit, and then click OK.
>
> 7. Locate the AllowPasswordExport registry value in the following registry
> key:
>
> HKLM\System\CurrentControlSet\Control\LSA
>
> 8. Double-click AllowPasswordExport.
>
> 9. Change the value "0" to "1", and then click OK.
>
> 10. Restart the computer for the settings to take effect.
>
> For more information please refer to the following article:
>
> 326480 How to Use Active Directory Migration Tool Version 2 to Migrate
from
> http://support.microsoft.com/?id=326480
>
> Sincerely,
>
> William Wang
> Microsoft Online Support Engineer
>
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> --------------------
> >From: "TTurpen" <tturpen@concerto.com>
> >Subject: Password migration error
> >Date: Thu, 25 Mar 2004 16:52:45 -0500
> >Lines: 21
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> >Message-ID: <eXWxCOrEEHA.1456@TK2MSFTNGP09.phx.gbl>
> >Newsgroups: microsoft.public.windows.server.migration
> >NNTP-Posting-Host: six.concerto.com 4.21.167.133
> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> >Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.migration:9174
> >X-Tomcat-NG: microsoft.public.windows.server.migration
> >
> >
> >Running ADMT V 2.0 and migrating from W2K domain to W2K domain
intraforest.
> >After setting up the PES server in the source domain using a key
generated
> >on the target domain the following error occurs:
> >
> >ERR2:0080 Unable to migrate users. Unable to establish a session with the
> >password export server. The source password export server and the target
> >server do not have the same encryption key for the source domain.
> >(0x80040206)
> >
> >The PES server is the PDC emulator and FSMO role holder. Is this a
problem?
> >
> >I have not been able to find any information on this error.
> >
> >Any help would be appreciated.
> >
> >Thank you,
> >
> >Tom
> >
> >
> >
>

Relevant Pages

  • RE: Password migration error
    ... Migration DLL and an encryption key for the target server. ... Insert a 3.5-inch disk into the floppy disk. ... Part II: Source Domain ...
    (microsoft.public.windows.server.migration)
  • RE: Encryption Key Access Denied
    ... I suggest you logon to the win2k3 server with the admin previlege ... The key command specifies the generation of an encryption key. ... Part II: Source Domain ... the Windows Server 2003 CD-ROM. ...
    (microsoft.public.windows.server.migration)
  • Re: ADMT error when migrate password
    ... install on a member server in the Target domain, ... ADMTV3 needs to be installed on a 2003 Server. ... -On the primary domain controller in the Source domain, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Move exsisting domain to a different forest?
    ... Install a seconed DC in the source Domain ... Promote the FileServer, now in the target domain, to a DC ... You might also want to question whether you want your file server to be a DC ... There's quite a bit of help in the help when you install the tool. ...
    (microsoft.public.windows.server.active_directory)
  • Re: admt 3 error
    ... do I need to install ADMT 3 on my source server? ... "I installed the password migration on a dc in my source domain, ... Installed the Password Migration DLL on the Password Export Server ... on a dc in my source domain, ...
    (microsoft.public.windows.server.active_directory)