Using synchronize password wizard at global or project level results in an error, even though source (NETIQKB12259)

fact
Domain Migration Administrator 7.1

symptom
Using synchronize password wizard at global or project level results in an error, even though source server override is used to specify a BDC without subkey.

symptom
Error: "E20684: Failed to get the password hash due to syskey encryption."

symptom
Passwords will migrate in the project but not in global wizards.

cause
The PDC in the source domain has syskey encryption.  There is a specific BDC without syskey encryption that has been used to successfully copy passwords during a user migration.  The property, Options.SourceServerOverride, was added to specify the BDC in both the protar and the project database.  However, when running the Synchronize Passwords wizard at either the global or project level, the migration.log indicates that Domain Migration Administrator (DMA) is connecting to the BDC for source information, and is still returning the error,  'E20684: Failed to get the password hash due to syskey encryption'.

fix

Workaround:

1. If you are using the Synchronize Passwords wizard at the global level, open the protar.mdb in Microsoft Access 2000.  If you are running the Synchronize Passwords wizard at the global level, open the project database in Microsoft Access 2000.

2. Open the Settings table.  For the property, Options.PasswordComputerName, in the Value column, enter the name of the unencrypted BDC in the format \\servername.

3. Close the database and run the Synchronize Passwords wizard again.

Formerly known as NETIQKB12259