Event ID 12291 — UNIX to Windows Password Synchronization Service -- Run-time Issues

Applies To: Windows Server 2008

The UNIX to Windows Password Synchronization Service -- Run-time Issues category indicates the functionality of UNIX to Windows password synchronization operations.

When Password Synchronization is configured for UNIX to Windows synchronization, and UNIX to Windows synchronization is functioning normally, passwords that are changed on UNIX hosts are synchronized on Windows-based computers and domains. The Password Synchronization pluggable authentication module (PAM) makes this possible by intercepting the password change request on the UNIX host, encrypting the password, and then sending the password change request to the Password Synchronization service running on the Windows-based computers with which it is configured to be synchronized.

Event Details

Product: Windows Identity Management for UNIX
ID: 12291
Source: Microsoft-Windows-IDMU-PSync
Version: 6.0
Symbolic Name: MSG_ERROR_PASSWORD_CONFLICTS_POLICY
Message: Error changing password. Password does not conform to password policy for user. %ruser = %1 %rhost = %2

Resolve

Check password policy

An error occurred while changing the password because the password does not conform to password policies that apply to the user. In the Windows environment, security policy settings control password policy. The section of security policy that includes password policies is typically called Account Policy.

To check password policy for the domain:

  1. On the domain controller on which Password Synchronization is running, click Start, click Administrative Tools, and then click Local Security Policy.
  2. In the hierarchy pane of the Local Security Policy MMC, expand Account Policies.
  3. Select Password Policy.
  4. In the results pane, double-click any of the listed password policies, or right-click a policy and then click Properties, to view its properties.

For more information about Windows security policy and changing domain-level security settings, see Security Policy Management on the Microsoft Web site (https://technet2.microsoft.com/WindowsServer2008/en/library/996d4b3c-0446-461f-b26d-a73fdcefcaf81033.mspx).

For more information about account policy specifically, see Account Policy Settings on the Microsoft Web site (https://technet2.microsoft.com/WindowsServer2008/en/library/353f7ad9-b53d-41d0-9867-199f6595a01b1033.mspx).

Verify

To verify the functional state of UNIX to Windows password synchronization, retry UNIX to Windows password synchronization. UNIX to Windows password synchronization is fully operational when the password synchronization succeeds, and functioning with warning conditions present if password synchronization fails for some passwords but succeeds for others.

If password synchronization succeeds for some passwords but fails for others, the UNIX to Windows Password Synchronization Service is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts.
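To see which accounts are being rejected and read the policy values without opening the MMC, the following PowerShell sketch can be run on the domain controller. It is an added example, not part of the original article. It assumes the first two event properties hold the %1 (user) and %2 (host) insertion strings, and the export file name is a placeholder.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on the domain controller where Password Synchronization is running.

# 1. Collect recent 12291 events from the source named under Event Details.
$filter = @{ ProviderName = 'Microsoft-Windows-IDMU-PSync'; Id = 12291 }
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue)

# 2. Summarize rejections per user and UNIX host.
#    Assumption: Properties[0] and Properties[1] carry the %1 (user) and
#    %2 (host) insertion strings; otherwise fall back to the message text.
$rows = $events | ForEach-Object {
    $p = $_.Properties
    if ($p.Count -ge 2) {
        New-Object PSObject -Property @{
            User = $p[0].Value; UnixHost = $p[1].Value; Time = $_.TimeCreated }
    } else {
        New-Object PSObject -Property @{
            User = $_.Message; UnixHost = ''; Time = $_.TimeCreated }
    }
}

$rows | Group-Object User, UnixHost | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } } |
    Format-Table -AutoSize

# 3. Export the Account Policy settings shown in Local Security Policy and
#    print the password-related values the rejected passwords must satisfy.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'   # placeholder file name
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

$keys = 'MinimumPasswordLength|PasswordComplexity|PasswordHistorySize|' +
        'MinimumPasswordAge|MaximumPasswordAge'
Select-String -Path $cfg -Pattern "^($keys)\s*=" | ForEach-Object { $_.Line }

Remove-Item $cfg
```

The export reflects the same settings as the Password Policy node in the procedure above. A fine-grained password policy applied to an individual user or group in a Windows Server 2008 domain is not included in it.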
