OVERVIEW / PURPOSE / GOAL

The purpose of this article is to provide an overview of a recent PCNS issue that I recently worked on here in support.  The issue dealt with a a

PROBLEM STATEMENT 

Users are not able to reset the passwords.  In review of the Application Event Log, we discovered the following BAIL error message.

APPLICATION EVENT LOG

An unexpected error has occurred during a password set operation.
"BAIL: MMS(2916): dnutils.cpp(1329): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=DomainDnsZones,DC=dc1,DC=dc2,DC=sampledomain,DC=com to the list because it already exists at position 2
BAIL: MMS(2916): dnutils.cpp(1329): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition CN=Configuration,DC=dc2,DC=sampledomain,DC=com to the list because it already exists at position 0
BAIL: MMS(2916): dnutils.cpp(1329): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=samplelab,DC=dc2,DC=sampledomain,DC=com to the list because it already exists at position 1
BAIL: MMS(2916): dnutils.cpp(1329): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=DomainDnsZones,DC=dc1,DC=dc2,DC=sampledomain,DC=com to the list because it already exists at position 2
BAIL: MMS(2916): dnutils.cpp(1329): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=DomainDnsZones,DC=dc2,DC=sampledomain,DC=com to the list because it already exists at position 3
BAIL: MMS(2916): dnutils.cpp(1329): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=ForestDnsZones,DC=dc2,DC=sampledomain,DC=com to the list because it already exists at position 4
ERR: MMS(2916): utils.cpp(907): Failed getting registry value 'ADMADoNormalization', 0x2
BAIL: MMS(2916): utils.cpp(908): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(2916): utils.cpp(963): 0x80070002 (The system cannot find the file specified.)
ERR: MMS(2916): admaexport.cpp(4178): The Kerberos change operation failed: 0xc000005e
ERR: MMS(2916): ma.cpp(8301): ExportPasswordSet failed with 0x80004005 Forefront Identity Manager 4.0.3594.2"

CAUSE

The cause of this issue is DNS connectivity between the source forest and the target forest

RESOLUTION

In this case we were able to create Conditional Forwarders in the DNS Console to the Target Forest. 

OTHER POSSIBLE SOLUTIONS

      1. If you cannot add a conditional forwarder on the main DNS machine in the forest, you can add DNS to the Synchronization Server, and then add the Conditional Forwarder there.

SEE ALSO