Domain Migration Administrator 7.2
Unable to migrate passwords to Windows 2003 SP1.
Password migration fails after upgrading to Windows 2003 service pack 1.
Error: 'E20410: Password Copy Extension extension returned a Failed result hr=0x80070005'
Error: 'E20773: The RPC server is unavailable'
Error: 'Password Copy Extension extension returned a Failed result hr=0x800706ba'
There is a Group Policy in place that disables the ability for any named pipes to be used anonymously. These settings are as follows:
- Network access: Restrict anonymous access to Named Pipes and Shares
- Network access: Named Pipes that can be accessed anonymously
In the original Windows Server 2003 release, there are 6 named pipes that are actually hard-coded into the srv.sys file as being anonymous.
Those pipes are:
- \pipe\netlogon (\pipe\lsass aliases)
- \pipe\browser (\pipe\ntsvcs aliases)
Those pipes remain anonymous in the original Windows Server 2003 release, regardless of the Group Policy settings. When you upgrade to service pack 1, the browser, lsaprc, samr, and netlogon pipes are supposed to be added directly into the NullSessionPipes portion of the registry to keep things from breaking. However, in this case the GPO that makes NullSessionPipes empty clears those 4 entries.
Add the browser, lsaprc, samr, and netlogon named pipes back to the list of named pipes that can be accessed anonymously in the Default Domain Controller Security Policy GPO.