During either migration or directory synchronization the following error is found in DSA (Directory Synchronization Agent) log file , and passwords are not synchronized:
4/22/2008 9:40:50 AM (GMT+02:00) Common AcAdSwitches Error 0xe1000051. Cannot compare password hashes, source user: "user1", target user: "user2"
Error 0x800706f7. Cannot install AePAgent. Cannot get path to the Windows directory on the remote system. The stub received bad data. (source=AePwd.PwdInstEx.1).
This has been identified as a problem with WAN communications where its configuration prohibits certain Microsoft API calls.
Currently the only workaround for this issue is to deploy DC on the same subnet as the server with the Quest DSA installed.
To verify this please perform testing using the NetShareGetInfo.exe Microsoft call. This call should be implemented from the DSA computer to the domain controller referenced within the dsa.log file. Attached tool calls the same function as the DSA does to install AePagent agent.
Proper syntax should be:
NetShareGetInfo.exe ADMIN$ <DNS name of domain source controller>
if an error is generated, then Microsoft should be consulted as to why this native API call is failing.
This utility was provided by Quest Software development and the only thing which it does is calling NetShareGetInfo Function described here: http://msdn.microsoft.com/en-us/library/bb525388(VS.85).aspx ) . Source code also provided to verify what exactly it does. If this utility fails it means Microsoft API does not work due to some connectivity issues and Microsoft needs to be contacted. QMM utilize NetShareGetInfo Function to install password agent and cannot synchronize passwords without it.