DOCUMENT:Q273709 06-AUG-2002 [winnt] TITLE :Users Created With Active Directory MA Have A Blank Password PRODUCT :Microsoft Windows NT PROD/VER::2.2 OPER/SYS: KEYWORDS:kberrmsg kbtool ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Metadirectory Services 2.2 ------------------------------------------------------------------------------- SYMPTOMS ======== When you create users with the Active Directory Management Agent, the password may not be set correctly. However, the user is able to log on with a blank password. In the Compass client computer's operator's log, the following error message may be reported: ERR_00 0300 00/09/08 14:23:58.594 (AD-MA_LdapInitSSL) Couldn't connect to domain controller SERVER FQDN on port 636, LDAP error = 81 - Server Down ERR_00 0300 00/09/08 14:23:58.595 (AD-MA_dataFlowFromMdToAd) Failed to establish 128-bit SSL connection to where is the fully qualified domain name of the domain controller to which Microsoft Metadirectory Services (MMS) attempts to connect to. CAUSE ===== This behavior can occur if the domain controller and MMS do not use a cipher strength of 128-bits. RESOLUTION ========== To resolve this issue, install the 128-bit High Encryption Pack on the MMS-based server and all the domain controllers. If any Microsoft Windows 2000 service packs are installed on the affected computers, reinstall the current service pack. In addition, refer to the MMS Active Directory Management Agent Administration Manual. Under the Planning Issues section, read the Security Requirements. One of the necessary requirements is to have an Enterprise-Wide Certificate Authority in place along with 128-bit High Encryption. MORE INFORMATION ================ Windows 2000 Active Directory requires a connection over port 636 with 128-bit cipher strength to set the user password attribute UnicodePwd. Other attributes do not have this requirement. Additional query words: zoomit metadirectory MMS ADMA ====================================================================== Keywords : kberrmsg kbtool Technology : kbMMSSearch kbMMS220 Version : :2.2 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.