Syskey Error When Attempting to Synchronize
When you attempt to synchronize passwords, you note errors similar to the following:
Error: Syskey found on \\SERVERX server in SERVERX target - Must install Agent on this system
There are two possible causes:
- Syskey encryption is enabled on the target server and the Server to Server Password Synchronizer agent is not installed on the target server.
- Syskey encryption is enabled on the target system, the agent is installed, but the incorrect target type is chosen in the Server to Server Password Synchronizer console.
Syskey encryption was first introduced in Windows NT4 Service pack 3 and among other things, provides encryption to the hashes stored in the system's local SAM. In NT4, when SP3 or later was installed, you could choose to turn on Syskey encryption or not. From Windows 2000 and later, Syskey is turned on and cannot be turned off though you can set various Syskey options by typing "Syskey" at your system's run menu. The SSPS agent is required locally on systems where Syskey is enabled in order to safely obtain the password information required for synchronization.
In the case where you receive the above error and you have a system where Syskey encryption is enabled, simply install the SSPS agent. It can be downloaded from here: http://www.liebsoft.com/index.cfm/products?id=294. The account specified to run this agent should be the same account as the one that is running the scheduling service for SSPS.
In the case where the agent is installed and you receive the above error, validate that the correct target type is configured for your target server. To set the correct target type:
- Stop synchronization by clicking the STOP button at the center of the SSPS console.
- Select your target system and click the EDIT button in the targets area at the right center area of the SSPS console.
- In the target's properties dialog in the top left corner you will find a PLATFORM area. Here, from the drop down list, set the platform type to "Agent: NT Syskey/W2K".
You will need to do this for all versions of Windows from NT4 with Syskey enabled to Windows 2000 and later.
Server to Server Password Synchronizer (SSPS,S2S)