Event ID 8209 — Windows to UNIX Password Synchronization Service -- Run-time Issues

Applies To: Windows Server 2008 R2

Windows to UNIX Password Synchronization Service -- Run-time Issues indicates the functionality of Windows to UNIX password synchronization operations.

When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user's password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Event Details

Product: Windows Identity Management for UNIX
ID: 8209
Source: Microsoft-Windows-IDMU-PSync
Version: 6.0
Symbolic Name: MSG_ERROR_SEARCH_DIR
Message: Failure in searching Active Directory.

Resolve

Correct LDAP failure

Password propagation failed because of a Lightweight Directory Access Protocol (LDAP) error. Password Synchronization failed to bind to the default Active Directory® Domain Services server on localhost. Possible causes of this error include the following:

  • The server on which Password Synchronization is running is no longer an Active Directory Domain Services domain controller.
  • The LDAP service is not running.

Perform the following steps to solve this problem.

  1. Open the Services MMC snap-in (Services.msc) by clicking Start, pointing to Administrative Tools, and then clicking Services.
  2. Verify that the Active Directory Domain Services domain controller service is running.
    • If the domain controller service does not exist, the computer is probably not a domain controller. Server for NIS can only run on an Active Directory Domain Services domain controller. To promote the computer to a domain controller, see the Active Directory Domain Services Help. Run the dcpromo utility and view the Help available with the dcpromo wizard.
  3. If the service is not running, double-click the service in the results pane.
  4. On the General tab of the Properties dialog box, set Startup type to Automatic. Click OK.
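
The checks in the steps above can be scripted. The following PowerShell diagnostic is an added example, not part of the original article or of the Identity Management for UNIX product; it assumes the AD DS service name is NTDS, that LDAP listens on TCP 389 on localhost, and that the event provider name matches the Source shown above.

```powershell
# Added diagnostic script (not from the original article). Assumptions: the
# AD DS service is named NTDS, LDAP listens on localhost:389, and the event
# provider name equals the Source listed above (Microsoft-Windows-IDMU-PSync).
Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. Is this computer still a domain controller? (DomainRole 4 = backup DC, 5 = primary DC)
$role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($role -lt 4) {
    Write-Warning "Not a domain controller (DomainRole=$role); Password Synchronization cannot search Active Directory here. Promote it with dcpromo first."
}

# 2. Is the Active Directory Domain Services service (NTDS) present and running?
#    If it exists but is stopped, set it to Automatic and start it (steps 3 and 4 above).
$ntds = Get-Service -Name NTDS -ErrorAction SilentlyContinue
if ($null -eq $ntds) {
    Write-Warning "NTDS service not found; this server is probably not a domain controller."
} elseif ($ntds.Status -ne 'Running') {
    Set-Service -Name NTDS -StartupType Automatic
    Start-Service -Name NTDS
    Write-Output "NTDS was $($ntds.Status); started it and set Startup type to Automatic."
} else {
    Write-Output "NTDS is running."
}

# 3. Can we bind to LDAP on localhost, as the Password Synchronization service does?
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection 'localhost:389'
try {
    $ldap.Bind()    # integrated bind with the current credentials
    Write-Output "LDAP bind to localhost:389 succeeded."
} catch {
    Write-Warning "LDAP bind to localhost:389 failed: $($_.Exception.Message)"
}

# 4. Verify step: has Event ID 8209 been logged again in the last hour?
$recent = Get-WinEvent -FilterHashtable @{
    ProviderName = 'Microsoft-Windows-IDMU-PSync'
    Id           = 8209
    StartTime    = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue
$count = @($recent).Count   # @() so a single event still has a Count in PowerShell 2.0
if ($count -gt 0) {
    Write-Warning "$count occurrence(s) of event 8209 in the last hour; LDAP failure may persist."
} else {
    Write-Output "No event 8209 logged in the last hour."
}
```

Run it in an elevated PowerShell session on the server hosting Password Synchronization, then retry a password change as described under Verify.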

For more information about LDAP operation, and best practices for configuring and working with Active Directory Domain Services, see the Step-by-Step Guide for Windows Server 2008 Active Directory Domain Services Installation and Removal on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkID=100492).

Verify

Retry Windows to UNIX password synchronization for failed user password changes to verify that it is operational. Password Synchronization is fully operational when the password synchronization succeeds, and operating under warning conditions if password synchronization fails for some passwords but succeeds for others.

If password synchronization succeeds for some passwords but fails for others, the Windows to UNIX Password Synchronization Service is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts.
