Microsoft KB Archive/273709

= Password Not Set When Users Are Created with Active Directory Management Agent =

Article ID: 273709

Article Last Modified on 11/1/2006


APPLIES TO


 * Microsoft Metadirectory Services 2.2 Service Pack 1




This article was previously published under Q273709



SYMPTOMS
When you create users with the Active Directory Management Agent, the password may not be set correctly. However, the user is able to log on with a blank password.

In the Compass client computer's operator's log, the following error message may be reported:

ERR_00 0300 00/09/08 14:23:58.594 (AD-MA_LdapInitSSL) Couldn't connect to domain controller SERVER FQDN on port 636, LDAP error = 81 - Server Down

ERR_00 0300 00/09/08 14:23:58.595 (AD-MA_dataFlowFromMdToAd) Failed to establish 128-bit SSL connection to

where SERVER FQDN is the fully qualified domain name of the domain controller to which Microsoft Metadirectory Services (MMS) attempts to connect.



CAUSE
This behavior can occur if the domain controller and MMS do not use a cipher strength of 128 bits.



RESOLUTION
To resolve this issue, install the 128-bit High Encryption Pack on the MMS-based server and all the domain controllers. If any Microsoft Windows 2000 service packs are installed on the affected computers, reinstall the current service pack.

In addition, refer to the MMS Active Directory Management Agent Administration Manual. Under the Planning Issues section, read the Security Requirements. One of the necessary requirements is to have an Enterprise-Wide Certificate Authority in place along with 128-bit High Encryption.



MORE INFORMATION
Windows 2000 Active Directory requires a connection over port 636 with 128-bit cipher strength to set the user password attribute UnicodePwd. Other attributes do not have this requirement.
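
The two operator-log messages quoted under SYMPTOMS can be matched mechanically to find which domain controllers were affected and when. The following Python is an added example, not part of the original article or of MMS: the function name, the example.com host names and the sample log lines are constructed, and the field layout is inferred from the two quoted lines.

```python
import re

# Field layout inferred from the two messages quoted in this article (assumption).
LINE = re.compile(r"^(?P<sev>\S+) (?P<code>\d+) (?P<date>\S+) (?P<time>\S+) "
                  r"\((?P<src>[^)]+)\) (?P<msg>.*)$")
CONNECT = re.compile(r"Couldn't connect to domain controller (?P<dc>\S+) "
                     r"on port 636, LDAP error = (?P<err>\d+)")
SSL_FAIL = re.compile(r"Failed to establish 128-bit SSL connection to\s*(?P<dc>\S*)")

# Constructed sample: host names and the second pair of timestamps are made up.
SAMPLE_LOG = """\
ERR_00 0300 00/09/08 14:23:58.594 (AD-MA_LdapInitSSL) Couldn't connect to domain controller dc01.example.com on port 636, LDAP error = 81 - Server Down
ERR_00 0300 00/09/08 14:23:58.595 (AD-MA_dataFlowFromMdToAd) Failed to establish 128-bit SSL connection to
ERR_00 0300 00/09/08 14:31:02.110 (AD-MA_LdapInitSSL) Couldn't connect to domain controller dc02.example.com on port 636, LDAP error = 81 - Server Down
ERR_00 0300 00/09/08 14:31:02.111 (AD-MA_dataFlowFromMdToAd) Failed to establish 128-bit SSL connection to dc02.example.com
this line is not in operator-log format and is skipped
"""

def find_ldaps_failures(log_text):
    """Group AD-MA port-636/SSL failures by domain controller.

    Returns {dc: {"first": ts, "last": ts, "ldap_errors": set, "ssl_failures": int}}.
    """
    findings, last_dc = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["src"].startswith("AD-MA_"):
            continue
        ts = f'{m["date"]} {m["time"]}'
        c, s = CONNECT.search(m["msg"]), SSL_FAIL.search(m["msg"])
        if c:
            dc = last_dc = c["dc"]
        elif s:
            # The host name may be missing from this message; fall back to
            # the domain controller named in the preceding connect failure.
            dc = s["dc"] or last_dc or "unknown"
        else:
            continue
        f = findings.setdefault(
            dc, {"first": ts, "last": ts, "ldap_errors": set(), "ssl_failures": 0})
        f["last"] = ts
        if c:
            f["ldap_errors"].add(int(c["err"]))
        else:
            f["ssl_failures"] += 1
    return findings

if __name__ == "__main__":
    for dc, f in find_ldaps_failures(SAMPLE_LOG).items():
        print(dc, f["first"], "->", f["last"], sorted(f["ldap_errors"]), f["ssl_failures"])
```

Accounts that the management agent created during the reported windows are the ones to check for the blank-password condition described under SYMPTOMS.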


© Microsoft Corporation. All rights reserved.