During a forest recovery, the password for KRBTGT is not getting reset. You receive the following error in the console - "An operation failed to execute: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements."
Please make sure the password being used in the DSRM portion of the under Settings in the Forest Recovery Console meets the password complexity settings in your Active Directory Environment.
An alternate reason that causes this error to occur is that a PASSFILT.DLL has been implemented on the Domain Controller where the KRBTGT password is trying to be reset.
To identify if you have this DLL file. The DLL file should be located in the C:\Windows\System32 directory of the Domain Controller. As well a registry entry can be found in the following location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
Double click on the Notification Packages REG_MULTI_SZ.
In the list of values for this key PASSFILT will be at the top of the list.
Workaround - Remove the PASSFILT entry from the Notification Packages REG_MULTI_SZ key and reboot the Domain Controller. Then restart the Forest Recovery process.
An enhancement to work around the passfilt.dll is beign considered for a future version of RMAD FE.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center