Event ID - 12288

Event Id: 12288
Source: Microsoft-Windows-IDMU-Psync
Description: Password change request rejected for an account that was not valid. %rAccount = %1
Event Information According to Microsoft :

Cause :

This event is logged when generating a random number through the Cryptographic Service Provider failed.

Resolution :

Make sure that the user account is valid

A password change request failed because it applied to a user account that is either not valid or does not exist. Verify that the user exists, and that the account is not locked, disabled, or expired.

You can verify that the UNIX-based computer has been added to the list of UNIX-based computers participating in password synchronization by completing the following procedure.

Verify that a UNIX-based computer has been added for synchronization

To verify that a UNIX-based computer has been added for synchronization:
  1. Open the Identity Management for UNIX management console by clicking Start, pointing to Administrative Tools, and then clicking Microsoft Identity Management for UNIX. You can also open the Identity Management for UNIX management console from within Server Manager, by expanding Roles and then Active Directory Domain Services in the hierarchy pane, and then selecting Microsoft Identity Management for UNIX.
  2. If necessary, connect to the computer you want to manage.
  3. In the hierarchy pane, under the Password Synchronization node, click UNIX Computers.
  4. In the results pane, look for the UNIX-based computer on which the user whose account is reported as not valid in the error message is logged on.
  5. If the computer is not found, add the UNIX-based computer by continuing on to the next step. If the computer is listed in the results pane, go on to the next procedure, "Check sso.conf for the missing user account."
  6. In the hierarchy pane, under the Password Synchronization node, click UNIX Computers, and then do one of the following.

    • Right-click UNIX Computers, and then click Add Computer.
    • Click Add Computer in the Actions pane.
    • On the Action menu, click Add Computer.

  7. In the Computer name text box of the Add Computer dialog box, provide the name or IP address of a UNIX-based computer.
  8. In the Direction of password synchronization area, select the direction of password synchronization for this computer.
  9. If necessary, specify a different encryption key than the default key, or click Generate key to have Password Synchronization generate a new key for synchronization with this computer.
  10. If necessary, change the port number this computer monitors for password changes. The default is 6677.
  11. Click OK.

Check sso.conf for the missing user account

To check sso.conf for a missing user account:
  1. Before editing sso.conf, save a backup copy to a convenient location.
  2. On the computer running Windows Server 2008, open /etc/sso.conf by using a text editor, such as Notepad.
  3. In the sso.conf file, search for the SYNC_USERS entry.
  4. Make sure that the user who is attempting to change passwords has been added to the list of users in SYNC_USERS.

    • If a minus sign (-) has been added before the user's name, this prevents the user's password changes from being synchronized.
    • If a plus sign (+) has been added before any other user names in SYNC_USERS, but not before the name of the user who is having the password change difficulties, this prevents users who do not have the + character in front of their names from participating in password synchronization.

  5. If the user has not been added to the list in SYNC_USERS, add the user's account name.
  6. Remove minus signs or plus signs as described in preceding steps to allow the user to participate in password synchronization.
  7. Save your changes and close sso.conf.
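
The SYNC_USERS rules from steps 4 to 6, as an added example (not Microsoft's code and not part of the original page): a Python check that reports why a given account would or would not participate in password synchronization. It assumes the entry is a single `SYNC_USERS=` line with comma-separated names; the sample file contents and user names are constructed.

```python
import re

# Constructed sample; the comma-separated layout is an assumption of this example.
SAMPLE_CONF = "SYNC_USERS=+alice,-bob,carol\n"


def parse_sync_users(conf_text):
    """Return the raw SYNC_USERS entries (e.g. ['+alice', '-bob']) or None."""
    for line in conf_text.splitlines():
        match = re.match(r"\s*SYNC_USERS\s*=\s*(.*)$", line)
        if match:
            parts = re.split(r"[,\s]+", match.group(1))
            return [p for p in parts if p]
    return None


def sync_status(conf_text, user):
    """Classify one user according to the rules in the procedure above."""
    entries = parse_sync_users(conf_text)
    if entries is None:
        return "no SYNC_USERS entry"
    # Map bare name -> its prefix ('+', '-' or '' when there is none).
    prefixes = {}
    for entry in entries:
        prefix = entry[0] if entry[0] in "+-" else ""
        prefixes[entry.lstrip("+-")] = prefix
    if user not in prefixes:
        return "not listed"            # step 5: add the account name
    if prefixes[user] == "-":
        return "excluded by minus sign"  # step 6: remove the minus sign
    if prefixes[user] == "" and "+" in prefixes.values():
        # Other users carry '+', so names without it do not participate.
        return "blocked: other users have plus sign"
    return "synchronized"


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave"):
        print(f"{name}: {sync_status(SAMPLE_CONF, name)}")
```

Run it against a copy of sso.conf rather than the live file, in keeping with the backup in step 1.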

Verify :

To verify the functional state of UNIX to Windows password synchronization, retry UNIX to Windows password synchronization. UNIX to Windows password synchronization is fully operational when the password synchronization succeeds, and functioning with warning conditions present if password synchronization fails for some passwords but succeeds for others.

If password synchronization succeeds for some passwords but fails for others, the UNIX to Windows Password Synchronization Service is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts.

Reference Links: Event ID 12288 from Microsoft-Windows-IDMU-Psync
