Cause: Password Synchronization is not
configured identically on all domain controllers in the domain. As
a result, if a nonconforming domain controller accepts a user's
password change, it might not be able to change the password on
UNIX computers.
Solution: Ensure that Password Synchronization
is configured identically on all domain controllers, particularly
host settings and default settings for encryption keys and
ports.
Cause: Password policies are more restrictive
on some computers, user names do not match between Windows and UNIX
computers, or the user changed the password on a UNIX computer when
two-way synchronization is not set up.
Solution: Ensure that password policies on
Windows and UNIX computers that synchronize passwords are similar.
Otherwise, if the user changes the password on the less restrictive
computer, the more restrictive system might not accept the new
password. Password policies that govern minimum and maximum length,
character case and alphanumeric mix, expiration, and reuse must be
as close as possible between Windows and UNIX computers that
synchronize passwords. Also, Windows and UNIX system administrators
must ensure that that user names, including case, are identical on
the Windows and UNIX computers.
Cause: This error does not indicate a problem.
It is logged when a backup domain controller or domain member
server rests its secure channel with the domain. When this happens,
the server's associated password is also reset. Password
Synchronization intercepts these password change requests; because
they are for computer accounts rather than for user or group
accounts, Password Synchronization logs error number 4104.