Domino V12 – Password Sync / Lessons learned

After some issues getting the new Password Sync feature up and running, I’ll summarize the pitfalls I went through. The process is documented well in the official HCL Product Documentation ( https://bit.ly/3vyZFdq ), but with this summary I’ll document some issues.

Problem #1

During the configuration of the Domino Utility Servers on the Domain Controllers I received the error “Entry not found in index” when the server tried to create a replica of the Domino Directory. To resolve this issue I created a replica of the NAMES.NSF and also of the Directory Assistance database that was created specifically for the Password Sync, and put them in the Domino\Data directory before the configuration.

Pitfall #1

Because you have to install a Domino Utility Server on each Domain Controller, you also have to register a separate Domino Server for each one. To ease this process I registered one server, copied its Server Document and registered 2 additional servers. The question whether to update an already existing document was of course answered with “Yes”.

After the installation of the Domino Servers on 3 Domain Controllers, the Password Sync was working fine on the first Domain Controller and the changed passwords were successfully synced to the ID Vault. On the other 2 Domain Controllers I received the following error:

[02A8:0004-07EC] 01.08.2022 14:37:29,48 AD Password Sync> PWSyncCaptureChangeNotify: Saving password change request failed: Unable to find path to server. Check your network or VPN connection. If you have a working connection, go to Preferences – Notes Ports and click Tr
[02A8:0004-07EC] 01.08.2022 14:37:29 Password Sync: Failed to capture password change: Unable to find path to server. Check your network or VPN connection. If you have a working connection, go to Preferences – Notes Ports and click Trace to discover where it breaks down.

I checked the server connections, created connection documents but still received those error messages. After some investigation I could solve the issue. During the registration of the first Domino Server for the Password Sync the value for the “Mail Server” was written in the Server Document and afterwards also in the NOTES.INI.

MailServer=CN=SPWSYNC02/O=……
MailType=0

Because the Server Document was copied, this value was not changed during the “Re-Registration”. This caused the error message and prevented the second and third Domain Controller from putting the Password Change Request in the adpwsync.nsf.

So if you copy Server Documents, be sure to modify this value BEFORE you roll out the NAMES.NSF to the Domino Utility Server.


Pitfall #2

After changing those entries and also the NOTES.INI settings the Password Sync was running fine – until the upgrade to HCL Domino 12.0.1 FP1. After the upgrade I could see the following errors on the Domino Server which is the Password Request Processor – in my case the Administration Server of the Domino Directory:

01.08.2022 18:13:40,25 [1DCC:0094-0F94] AD Password Sync> ConfigureStorageACL: Failed to add manager CN=Servername/O=Organization to storage ACL. The name is already in the list.
01.08.2022 18:13:40,25 [1DCC:0094-0F94] AD Password Sync> PWSyncUpdateProcessorCtx: ConfigureStorageACL returned error. The name is already in the list.
01.08.2022 18:13:40,25 [1DCC:0094-0F94] AD Password Sync> PWSyncProcessStoredRequests: PWSyncUpdateProcessorCtx failed with error The name is already in the list.
01.08.2022 18:13:40   Password Sync: Error updating password change request storage database ACL: The name is already in the list.

HCL Support worked very quickly and shared the following article from the KB with me: https://bit.ly/3d6P2YZ

I checked the configuration document and could see that the Password Processor and the Password Requestor Servers were also listed in the field “Managers of password sync requests”.

It's not allowed to enter any Domino Server in this field – just your Domino Administration Group should be in here!! After removing the Domino Servers from the list, the Password Sync was working again.



Hopefully you find these hints helpful and they save you some time when setting up Password Sync in your environment.
