+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 50
How do you do....it? Thread, live@edu and ILM to sync passwords in Technical; Is anyone using this setup? Im having a bit of an issue with the passwords not syncing.....
  1. #1

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200

    live@edu and ILM to sync passwords

    Is anyone using this setup? Im having a bit of an issue with the passwords not syncing..

  2. #2

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Bit more info, if it means anything to anyone:

    Ive set my spn like this:

    Code:
    setspn -a PCNSCLNT/dc1.mydomain.com mydomain\ilm
    where dc1 is the server running ILM, mydomain.com is the domain, and ilm is the Service account Ive created.

    That seemed to work OK.

    But when I tried to run the pcnscfg.exe I got an error that the SPN was not found in the domain:

    Code:
    pcnscfg addtarget /n:PCNSCLNT /a:dc1.mydomain.com /s:PCNSCLNT /fi:"Students" /f:3
    I get this warning:

    Warning: The Service Principal Name you specified could not be found on any accounts in this domain. This target configuration will not be able to deliver passwords if the Service Principle Name is not configured properly.
    Could someone please point out any mistakes in my commands please/

  3. #3

    Join Date
    Jun 2008
    Location
    Kensington, London
    Posts
    372
    Thank Post
    59
    Thanked 36 Times in 32 Posts
    Rep Power
    32
    It might be worth posting on the outlook live administrators forum, I'm not using ILM myself so can't help out

  4. #4
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,726
    Thank Post
    176
    Thanked 229 Times in 211 Posts
    Rep Power
    69
    I'm guessing you've read through this already but just in case here's the step by step info on PCNS

    Implementing the Automated Password Synchronization Solution - Step-by-Step

    I've also read about gotchas with password complexity differences between AD and Live so watch out for those at some point as well.

    I'm not best convinced by this setup at the moment, hoping Forefront 2010 has a simpler system for managing the passwords. As it stands we're lucky that we won't have to worry about it as we're assigning random number sequences for our students (so many part-time ones we really don't want to be managing password resets all day long!)

  5. #5

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Quote Originally Posted by nadeem View Post
    It might be worth posting on the outlook live administrators forum, I'm not using ILM myself so can't help out
    Cheers, done that. Also logged an issue with the live@edu helpdesk so will hopefully hear somehting soon.

  6. Thanks to RabbieBurns from:

    Butters (18th March 2010)

  7. #6

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Quote Originally Posted by gshaw View Post
    I'm guessing you've read through this already but just in case here's the step by step info on PCNS

    Implementing the Automated Password Synchronization Solution - Step-by-Step

    I've also read about gotchas with password complexity differences between AD and Live so watch out for those at some point as well.

    I'm not best convinced by this setup at the moment, hoping Forefront 2010 has a simpler system for managing the passwords. As it stands we're lucky that we won't have to worry about it as we're assigning random number sequences for our students (so many part-time ones we really don't want to be managing password resets all day long!)
    Aye thats what Ive been following.. its the PCNSCLNT bit and the miis thing Im a bit confused about.

    Weve already forced a password policy update domain wide in anticipation of live@edu, and Ive got ILM provisioning the accounts no worries with just it doing a random passowrd, its just the creating the accounts and sending up their existing passwords Im failing at.

    PS. ILM for live@edu seems to be really reasonably priced for education

  8. #7

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    OK so I have resolved this issue myself...

    The line should have been

    Code:
    pcnscfg addtarget /n:PCNSCLNT /a:dc1.mydomain.com /s:PCNSCLNT/dc1.mydomain.com /fi:"Students" /f:3
    So now that bit works..

    But the password sync is still failing badly..

  9. #8

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200

    posting here as well as outlookliveanswers.com

    Password sync is not working. When i do the StartSync -Firstrun, it creates the users, and I get no errors in the event log. However I cannot login the new users with their AD password. When I try to just change a users password that has just been created. I get the following errors:

    Code:
    Log Name:      Application
    Source:        PCNSSVC
    Date:          19/03/2010 2:50:37 PM
    Event ID:      2100
    Task Category: (1)
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      DC5.mydomain.com
    Description:
    The password notification has been delivered to all targets.
     
    Tracking ID: a00c2d15-68b8-463a-ae6c-a49fe96dac30
    User GUID: 508df6ed-949a-4444-9559-157984865ee2
    User: ADMINISTRATION\208222
    Targets: PCNSCLNT
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="PCNSSVC" />
        <EventID Qualifiers="16384">2100</EventID>
        <Level>4</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-03-19T03:50:37.000Z" />
        <EventRecordID>4495</EventRecordID>
        <Channel>Application</Channel>
        <Computer>DC5.mydomain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>a00c2d15-68b8-463a-ae6c-a49fe96dac30</Data>
        <Data>508df6ed-949a-4444-9559-157984865ee2</Data>
        <Data>ADMINISTRATION\208222</Data>
        <Data>PCNSCLNT</Data>
        <Data>
        </Data>
      </EventData>
    </Event>
    
    --------------------------
    Log Name:      Application
    Source:        OLMA
    Date:          19/03/2010 2:50:41 PM
    Event ID:      1010
    Task Category: (1)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      DC5.mydomain.com
    Description:
    Access is denied. Error Message: Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="OLMA" />
        <EventID Qualifiers="49156">1010</EventID>
        <Level>2</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-03-19T03:50:41.000Z" />
        <EventRecordID>4496</EventRecordID>
        <Channel>Application</Channel>
        <Computer>DC5.mydomain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.</Data>
      </EventData>
    </Event>
    
    ---------------
    Log Name:      Application
    Source:        MSExchange Common
    Date:          19/03/2010 2:50:41 PM
    Event ID:      4999
    Task Category: (1)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      DC5.mydomain.com
    Description:
    The description for Event ID 4999 from source MSExchange Common cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    
    If the event originated on another computer, the display information had to be saved with the event.
    
    The following information was included with the event:
    
    652
    E12
    c-buddy-DBG-x86
    14.00.0650.021
    miiserver
    M.E.GALSync.ManagementAgent
    M.E.X.PSDataProvider.InvokeCmdlet
    M.MetadirectoryServices.AccessDeniedException
    3422
    14.00.0650.021
    False
    
    the message resource is present but the message is not found in the string/message table
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchange Common" />
        <EventID Qualifiers="16388">4999</EventID>
        <Level>2</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-03-19T03:50:41.000Z" />
        <EventRecordID>4497</EventRecordID>
        <Channel>Application</Channel>
        <Computer>DC5.mydomain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>652</Data>
        <Data>E12</Data>
        <Data>c-buddy-DBG-x86</Data>
        <Data>14.00.0650.021</Data>
        <Data>miiserver</Data>
        <Data>M.E.GALSync.ManagementAgent</Data>
        <Data>M.E.X.PSDataProvider.InvokeCmdlet</Data>
        <Data>M.MetadirectoryServices.AccessDeniedException</Data>
        <Data>3422</Data>
        <Data>14.00.0650.021</Data>
        <Data>False</Data>
        <Data>
        </Data>
      </EventData>
    </Event>
    ---------------
    Log Name:      Application
    Source:        MIIServer
    Date:          19/03/2010 2:50:41 PM
    Event ID:      6800
    Task Category: (7)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      DC5.mydomain.com
    Description:
    The password management extension encountered an error.
     The stack trace is:
     
     "Microsoft.MetadirectoryServices.PasswordExtensionException: Error in the application.
       at Microsoft.Exchange.XmaConnector.PSDataProvider.ReportError(Exception e, ScorecardCounter scorecard)
       at Microsoft.Exchange.XmaConnector.PSDataProvider.InvokeCmdlet(PSCommand cmd)
       at Microsoft.Exchange.XmaConnector.PSDataProvider.SetDataObject(String task, Dictionary`2 csentry, String[] supportedParameters, Dictionary`2 defaultValues)
       at Microsoft.Exchange.XmaConnector.PSDataProvider.SetSyncMailbox(Dictionary`2 csentry)
       at Microsoft.Exchange.XmaConnector.XmaExportExLabs.SetPassword(Dictionary`2 Entry)
       at Microsoft.Exchange.XmaConnector.PWExtension.IlmPWExtension.SetPassword(CSEntry csentry, String NewPassword)
       at Microsoft.Exchange.XmaConnector.PWExtension.IlmPWExtension.SetPassword(CSEntry csentry, String NewPassword)
    Microsoft Identity Integration Server 3.3.1139.2"
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MIIServer" />
        <EventID Qualifiers="49152">6800</EventID>
        <Level>2</Level>
        <Task>7</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-03-19T03:50:41.000Z" />
        <EventRecordID>4498</EventRecordID>
        <Channel>Application</Channel>
        <Computer>DC5.mydomain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Microsoft.MetadirectoryServices.PasswordExtensionException: Error in the application.
       at Microsoft.Exchange.XmaConnector.PSDataProvider.ReportError(Exception e, ScorecardCounter scorecard)
       at Microsoft.Exchange.XmaConnector.PSDataProvider.InvokeCmdlet(PSCommand cmd)
       at Microsoft.Exchange.XmaConnector.PSDataProvider.SetDataObject(String task, Dictionary`2 csentry, String[] supportedParameters, Dictionary`2 defaultValues)
       at Microsoft.Exchange.XmaConnector.PSDataProvider.SetSyncMailbox(Dictionary`2 csentry)
       at Microsoft.Exchange.XmaConnector.XmaExportExLabs.SetPassword(Dictionary`2 Entry)
       at Microsoft.Exchange.XmaConnector.PWExtension.IlmPWExtension.SetPassword(CSEntry csentry, String NewPassword)
       at Microsoft.Exchange.XmaConnector.PWExtension.IlmPWExtension.SetPassword(CSEntry csentry, String NewPassword)
    Microsoft Identity Integration Server 3.3.1139.2</Data>
      </EventData>
    </Event>
    Could someone please have a look through the errors above, and see if they can spot anything obvious please?

  10. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    I deleted the whole ILM server (joys of virtualisation) and started fresh.

    Took me the whole day (started at 11am and its now 11pm) But I now have ILM syncing passwords with Live@edu

  11. #10

    Join Date
    Apr 2010
    Location
    Oahu
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hello can't figure out the syntax to configure the Pcnscfg.exe I get this error:

    'Pcnscfg.exe' is not recognized as an internal or external command,
    operable program or batch file.

    I followed these instructions: Implementing the Automated Password Synchronization Solution - Step-by-Step
    and tried also not putting the extension .exe, but I still get the same issue.

    When I finish step 2 I checked if the installation went thru fine and this is the out put to the setspn -L OLSync command: "Registered ServicePrincipalNames for CN=OLSync,CN=Users,DC=adtest,DC=byuh,DC: "
    Seems to be configured correctly but now I'm stuck because when I go to the next step I that message that PCNSCFG is not recognized.

    Can some one help please?

    Thanks

    Manu

    P.S.
    I wrote the same question on the Outlook live answers website but I keep getting ignored...very frustrating.

  12. #11

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Quote Originally Posted by ManuPug View Post
    Hello can't figure out the syntax to configure the Pcnscfg.exe I get this error:

    'Pcnscfg.exe' is not recognized as an internal or external command,
    operable program or batch file.

    I followed these instructions: Implementing the Automated Password Synchronization Solution - Step-by-Step
    and tried also not putting the extension .exe, but I still get the same issue.

    When I finish step 2 I checked if the installation went thru fine and this is the out put to the setspn -L OLSync command: "Registered ServicePrincipalNames for CN=OLSync,CN=Users,DC=adtest,DC=byuh,DC: "
    Seems to be configured correctly but now I'm stuck because when I go to the next step I that message that PCNSCFG is not recognized.

    Can some one help please?

    Thanks

    Manu

    P.S.
    I wrote the same question on the Outlook live answers website but I keep getting ignored...very frustrating.
    The output to your setspn -L OLSync is incorrect. It should actually give you an extra line after that

    Code:
    C:\>setspn -L ILMServiceAccount
    Registered ServicePrincipalNames for CN=ILMServiceAccount,CN=Users,DC=admin,DC=myschool,DC=nsw,DC=edu,DC=au:
            PCNSCLNT/ilm.admin.myschool.nsw.edu.au
    What command did you run for the setspn?

  13. #12

    Join Date
    Apr 2010
    Location
    Oahu
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    This is the command that I ran:setspn.exe -A PCNSCLNT/DCTEST.ADTEST.xxx.EDU\OLSync
    DCtest is the test domain controller adtest.xxx.edu is the domain and OLSync is the account that I created to run OLsync.

    What am I doing wrong?
    Is this why the 'Pcnscfg.exe' is not working?

    Thanks
    Manu

  14. #13

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Code:
     setspn.exe -A PCNSCLNT/DCTEST.ADTEST.xxx.EDU nameofyourdomain\OLSync
    then the PCNS line would be

    Code:
    pcnscfg.exe addtarget /n:PCNSCLNT /a:DCTEST.ADTEST.xxx.EDU /s:PCSNCLNT/DCTEST.ADTEST.xxx.EDU /fi:"Domain Users" /f:3
    Where it says Domain Users, you can change that to a more specified group. Eg, I used a group called Students.

    Make sure you clear any wrong entries by using
    Code:
    setspn.exe -D <name of the wrong one>
    and
    Code:
    pcsncfg.exe DELETETARGET /n:<name of the wrong one>
    You can check what they look like with
    Code:
    setspn.exe -L OLsync
    and
    Code:
    pcnscfg.exe -LIST
    hope this helps

  15. #14

    Join Date
    Apr 2010
    Location
    Oahu
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks Rabbieburns now I get the correct code for setspn, but no matter what I write I get the same error for the PCNSCFG, I tried to change folder from where I executed it but still the same. I tried to do a search for the actual file on the computer but I could not find it. I believe not to be installed, where do I get it and install it?
    Thanks

    Manu

  16. #15

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Its on the ILM cd in a folder \MIIS\Password Synchronization\ there is a x86 and x64 version.

    You need to install it on every single one of your Domain Controllers.

    and then you need to change to the C:\Program Files\Microsoft Password Change Notification\ folder and run the command from there



SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. ipod sync to pc
    By layercake426 in forum Windows
    Replies: 8
    Last Post: 22nd July 2011, 08:42 AM
  2. Sync folder
    By irsprint in forum How do you do....it?
    Replies: 5
    Last Post: 14th June 2009, 07:06 PM
  3. How do I... sync
    By matt40k in forum Coding
    Replies: 0
    Last Post: 1st June 2009, 03:28 PM
  4. Kaleidos - sync with anything?
    By theriver in forum Virtual Learning Platforms
    Replies: 3
    Last Post: 9th March 2009, 12:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •