Password information is lost after you restore an MIIS 2003 or an IIFP database and abandon the encryption key set (818566)


The information in this article applies to:

  • Microsoft Identity Integration Server 2003 Enterprise Edition
  • Microsoft Identity Integration Feature Pack for Microsoft Windows Server Active Directory

SYMPTOMS

After you restore a Microsoft Identity Integration Server (MIIS) 2003 database or a Microsoft Identity Integration Feature Pack (IIFP) database from backup, you may experience both of the following symptoms:
  • Passwords that are used by management agents to authenticate to connected data sources are lost.
  • Passwords for user objects that were in the process of being provisioned are lost.

CAUSE

This issue may occur if all the following conditions are true, in the order that they are presented in:
  • You do not have a backup copy of the encryption key set.
  • You restore an MIIS database from backup.
  • You abandon the encryption key set.

RESOLUTION

To resolve this issue, do one or both of the following, as appropriate to your situation:
  • Manually set the passwords that management agents use to authenticate to connected data sources.
  • In Identity Manager, search for the connector space objects by using the Pending Export and the Add scopes to view a list of user objects that were in the process of being provisioned. After you view this list, do one of the following:
    • Disconnect and then reprovision the user objects.
    • Continue to export the user objects, and then manually set the passwords.

MORE INFORMATION

In MIIS 2003, you use the Key Management utility (Miiskmu.exe) to manage the encryption key set. You can use this tool to back up a key set, to add a new key to a key set, or to abandon a key set.

Microsoft recommends that you back up your encryption key set to a floppy disk and store it in a secure location for use in restore procedures. To restore a database in MIIS, you must have a backup that reflects the most recent state of the encryption keys on your primary MIIS server. If you do not have a backup of the encryption key set, you may have to abandon the key set. When you abandon a key set, encrypted data is deleted from MIIS.

For more information about working with encryption keys in MIIS, see MIIS Help. In MIIS Help, click the Search tab in the Type the word(s) to search for box, type encryption keys, and then click List Topics to view the topics that are returned.
Modification Type:MajorLast Reviewed:3/8/2004
Keywords:kbprb KB818566 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.