PCNS failing to sync passwords

Question
Hi ILM gurus =D!
Basically, I have followed the "Publishing Active Directory Users From Two Authoritative Data Sources" document located at FIM2010 site.
Right now, I have the following scenario:
+ Domain1\sourceAD (DC) with PCNS installed on it
+ Domain1\FIM2010 RC1 server
+ Domain 2\targetAD
I synchronized users from Domain1\sourceAD to Domain2\targetAD successfully. Then, on Domain2 DC (target AD) I created a password for 'consultant' user and I was able to log in to Windows with that acct credentials.
Later, I changed the password for the 'consultant' on domain1 DC (source AD) to trigger PCNS sync process. I reviewed the "Application" log on the FIM box and found FIM sync service failed:
An unexpected error has occurred during a password set operation.
"ERR: MMS(2788): utils.cpp(960): Failed getting registry value 'AdExtTimeout', 0x2
BAIL: MMS(2788): utils.cpp(962): 0x80070002 (The system cannot find the file specified.)
BAIL: MMS(2788): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition CN=Configuration,DC=Morgan,DC=net to the list because it already exists at position 0
BAIL: MMS(2788): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=DomainDnsZones,DC=Morgan,DC=net to the list because it already exists at position 1
BAIL: MMS(2788): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=ForestDnsZones,DC=Morgan,DC=net to the list because it already exists at position 2
ERR: MMS(2788): utils.cpp(740): Failed getting registry value 'ADMADoNormalization', 0x2
BAIL: MMS(2788): utils.cpp(741): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(2788): utils.cpp(796): 0x80070002 (The system cannot find the file specified.)
ERR: MMS(2788): admaexport.cpp(3643): The Kerberos change operation failed: 0xc000005e
ERR: MMS(2788): ma.cpp(8157): ExportPasswordSet failed with 0x80004005
Forefront Identity Manager 4.0.2560.0"
** After 10 tries:
The password synchronization set operation has exceeded the maximum retry limit for this target connected data source.
Additional information:
Tracking ID: {289AE4D9-B95F-4238-8E7C-500C8CA1A265}
Reference ID: {1E5E5EEC-6BFC-45A0-BBEC-85B0A1763EB5}
Target Object GUID: {0F444E8F-73E1-45BE-BA79-F9323010AAAA}
Target DN: CN=consultant bt,OU=NewYork,DC=Morgan,DC=net
Target MA Name: AD_destination
Kerberos seems to be the source of the error.
Does somebody have an idea of the source of this error?? Is it related to acct permissions?
Please have mercy =P...thanks fellows!!...
max
Edited by MaxMexican Wednesday, October 28, 2009 7:22 AM
Thursday, October 15, 2009 5:01 AM
Answers
This appears to be an error in your Kerberos configuration. The 0xC000005E error code corresponds to a STATUS_NO_LOGON_SERVERS error. Try enabling Kerberos logging to see if it gives you any further details:
http://support.microsoft.com/kb/262177
Bruce Bequette - MSFT
Marked as answer by Markus Vilcinskas (Microsoft employee) Wednesday, December 2, 2009 10:37 PM
Monday, November 2, 2009 8:23 PM
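The code lookup in the answer above, as an added example that is not part of the original thread: it splits the FIM log lines quoted in the question into Win32, HRESULT and NTSTATUS codes so the Kerberos failure stands out from the surrounding lines. The function names and record layout are assumptions of this example, and the bit tests are a heuristic for this log format.

```python
import re

# Names for the codes quoted in this thread (standard Windows values).
WIN32 = {0x0002: "ERROR_FILE_NOT_FOUND", 0x00B7: "ERROR_ALREADY_EXISTS"}
NTSTATUS = {0xC000005E: "STATUS_NO_LOGON_SERVERS"}
HRESULT = {0x80004005: "E_FAIL"}

# Matches e.g. "ERR: MMS(2788): utils.cpp(960): <message>"
LINE = re.compile(r"^(ERR|BAIL): MMS\(\d+\): ([\w.]+)\((\d+)\): (.*)$")
CODE = re.compile(r"0x[0-9a-fA-F]+")

# Lines copied from the FIM Application log quoted in the question.
SAMPLE = """\
"ERR: MMS(2788): utils.cpp(960): Failed getting registry value 'AdExtTimeout', 0x2
BAIL: MMS(2788): utils.cpp(962): 0x80070002 (The system cannot find the file specified.)
BAIL: MMS(2788): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition CN=Configuration,DC=Morgan,DC=net to the list because it already exists at position 0
ERR: MMS(2788): admaexport.cpp(3643): The Kerberos change operation failed: 0xc000005e
ERR: MMS(2788): ma.cpp(8157): ExportPasswordSet failed with 0x80004005
"""


def decode(code):
    """Classify a 32-bit Windows status value as (kind, name)."""
    if code >> 30 == 0b11:  # top two bits set: NTSTATUS error severity
        return "NTSTATUS", NTSTATUS.get(code, "unknown")
    if code >> 31 and ((code >> 16) & 0x1FFF) == 7:  # HRESULT, FACILITY_WIN32
        return "WIN32", WIN32.get(code & 0xFFFF, "unknown")
    if code >> 31:  # any other failure HRESULT
        return "HRESULT", HRESULT.get(code, "unknown")
    return "WIN32", WIN32.get(code, "unknown")  # bare Win32 error such as 0x2


def parse(log_text):
    """Yield one record per ERR/BAIL line, decoding its first hex code."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip().strip('"'))
        found = CODE.search(m.group(4)) if m else None
        if not found:
            continue
        kind, name = decode(int(found.group(), 16))
        yield {"level": m.group(1), "where": f"{m.group(2)}:{m.group(3)}",
               "code": found.group().lower(), "kind": kind, "name": name}


def ntstatus_failures(log_text):
    """Return only the NTSTATUS-class records, the kind the answer keys on."""
    return [e for e in parse(log_text) if e["kind"] == "NTSTATUS"]
```

Calling `ntstatus_failures(SAMPLE)` returns the single `admaexport.cpp:3643` record, the line that carries 0xc000005e.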
All replies
It is working perfectly on the DC side as the password change notification gets delivered to the ILM box according to the "Application" log of the DC box:
The password notification has been delivered to all targets.
Tracking ID: aa6fd2e3-2df3-4643-98b6-c0181cefa962
User GUID: 8b4ddc4c-5288-4023-857c-4d01911892dd
User: MORGANDEV\consultant
Targets: ilmbox
On the ILM box side I am getting the unexpected error described in the section above. After enabling the Kerberos logging I got the following error on the "System" log:
*********
A Kerberos Error Message was received:
on logon session morgandev\ilmmgmt <-----------------This is the FIM MA account.
Client Time: Server Time: 4:21:37.0000 10/27/2009 Z
Error Code: 0x19 KDC_ERR_PREAUTH_REQUIRED
Extended Error:
Client Realm:
Client Name:
Server Realm: morgandev
Server Name: krbtgt/morgandev
Target Name: krbtgt/morgandev@morgandev
Error Text:
File: e
Line: 98a
Error Data is in record data.
***********
thank you guys!!!
max
Does somebody have an idea or suggestion???? Please feel extremely FREE....
Tuesday, October 27, 2009 4:50 AM