| Event Id | 12296 |
| Source | Microsoft-Windows-IDMU-Psync |
| Description | The encryption key length does not meet the policy for secure encryption keys. Use Identity Management for UNIX Administration user interface to generate a secure encryption key. |
| Event Information | According to Microsoft : Cause This event is logged when the encryption key length does not meet the policy for secure encryption keys. Resolution Correct encryption key length error Password propagation failed because the encryption key length does not follow the policy for secure encryption keys. Use the following guidelines and encryption key setting procedure to ensure that the encryption key length meets minimum requirements. Encryption key requirements The encryption key must meet the following requirements: a.It must be 16 to 21 characters long (21 is recommended). b.It must contain characters from at least three of the following four groups: Uppercase English letters (A–Z) Lowercase English letters (a–z) Westernized Arabic numerals (0–9) Punctuation symbols ` , ! @ # $ % ^ & * _ – + = | \ { } [ ] : ; \ " ' < > . ? c.It must not contain a left or right parentheses (that is a "(" or ")" character), a comma (,), or a blank space ( ). Setting the default encryption key Important This setting affects the default encryption key for UNIX hosts when they are added for synchronization, as well as the port used for UNIX-to-Windows synchronization. If you change this setting, you must edit the SYNC_HOSTS entry in the /etc/sso.conf file to specify the same encryption key on UNIX hosts that are configured for UNIX-to-Windows password synchronization with the computer on which you complete this procedure. To set the default encryption key: 1.Open the Identity Management for UNIX management console by clicking Start, pointing to Administrative Tools, and then clicking Microsoft Identity Management for UNIX. You can also open the Identity Management for UNIX management console from within Server Manager, by expanding Roles and then Active Directory Domain Services in the hierarchy pane, and then selecting Microsoft Identity Management for UNIX. 2.If necessary, connect to the computer you want to manage. 3.In the hierarchy pane, click Password Synchronization, and then do one of the following. Right-click Password Synchronization, and then click Properties. Click Properties in the Actions pane. On the Action menu, click Properties. 4.In the Encryption and decryption key area of the General tab, enter a key you want to use, or click Generate key to have Password Synchronization create a new key for you. For maximum security, you should use a key that is the maximum 21 characters in length. 5.To save your changes, click Apply. Verify Retry Windows to UNIX password synchronization for any failed user password change attempts to verify that Password Synchronization is operating normally. Password Synchronization is operating normally when password synchronization succeeds and is operating under warning conditions if synchronization fails for some passwords but succeeds for others. If password synchronization succeeds for some passwords but fails for others, Windows to UNIX Password Synchronization Configuration is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts. |
| Reference Links | Event ID 12296 from Microsoft-Windows-IDMU-Psync |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.