Hi ILM gurus =D!Basically, I have followed the "Publishing Active Directory Users From Two Authoritative Data Sources" document located at FIM2010 site.Right now, I have thefollowing scenario:+ Domain1\sourceAD (DC) with PCNS installed on it+ Domain1\FIM2010 RC1 server+ Domain 2\targetADI synchronized users from Domain1\sourceADto Domain2\targetAD successfully. Then, on Domain2 DC (target AD)I created a password for 'consultant' user and I was able to log in to Windows with that acct credentials.Later, I changed the password for the 'consultant' on domain1 DC (source AD) to trigger PCNS sync process. I reviwed the "Application" log on the FIM boxand found FIM sync servicefailed:An unexpected error has occurred during a password set operation. "ERR: MMS(2788): utils.cpp(960): Failed getting registry value 'AdExtTimeout', 0x2BAIL: MMS(2788): utils.cpp(962): 0x80070002 (The system cannot find the file specified.)BAIL: MMS(2788): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition CN=Configuration,DC=Morgan,DC=net to the list because it already exists at position 0BAIL: MMS(2788): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=DomainDnsZones,DC=Morgan,DC=net to the list because it already exists at position 1BAIL: MMS(2788): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=ForestDnsZones,DC=Morgan,DC=net to the list because it already exists at position 2ERR: MMS(2788): utils.cpp(740): Failed getting registry value 'ADMADoNormalization', 0x2BAIL: MMS(2788): utils.cpp(741): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2BAIL: MMS(2788): utils.cpp(796): 0x80070002 (The system cannot find the file specified.)ERR: MMS(2788): admaexport.cpp(3643): The Kerberos change operation failed: 0xc000005eERR: MMS(2788): ma.cpp(8157): ExportPasswordSet failed with 0x80004005Forefront Identity Manager 4.0.2560.0"** After 10 tries:The password synchronization set operation has exceeded the maximum retry limit for this target connected data source. Additional information: Tracking ID: {289AE4D9-B95F-4238-8E7C-500C8CA1A265} Reference ID: {1E5E5EEC-6BFC-45A0-BBEC-85B0A1763EB5} Target Object GUID: {0F444E8F-73E1-45BE-BA79-F9323010AAAA} Target DN: CN=consultant bt,OU=NewYork,DC=Morgan,DC=net Target MA Name: AD_destination Kerberos seems to be the source of the error. Does somebody has an idea of the source of thiserror?? Is it related to acct permissions? Please have mercy =P...thanks fellows!!...max

It is working perfectly on the DC side as the password change notification gets delivered to the ILM box according to the "Application" log of the DC box:The password notification has been delivered to all targets. Tracking ID: aa6fd2e3-2df3-4643-98b6-c0181cefa962 User GUID: 8b4ddc4c-5288-4023-857c-4d01911892dd User: MORGANDEV\consultant Targets: ilmboxOn the ILM box side I amgetting the unexpected error described in the section above. After enabling the kerberos loggin I got the following erroron the "System" log:*********AKerberos Error Message was received:on logon session morgandev\ilmmgmt<-----------------This is the FIM MA account.Client Time: Server Time: 4:21:37.0000 10/27/2009 ZError Code: 0x19 KDC_ERR_PREAUTH_REQUIREDExtended Error: Client Realm: Client Name: Server Realm: morgandevServer Name: krbtgt/morgandevTarget Name: krbtgt/morgandev@morgandevError Text: File: eLine: 98aError Data is in record data.***********thank you guys!!!max Does somebody has an idea or suggestion???? Please feel extremely FREE....

This appears to be an error in your Kerberos configuration. The 0xC000005E error code corresponds to a STATUS_NO_LOGON_SERVERS error. Try enabling Kerberos logging to see if it gives you any further details:http://support.microsoft.com/kb/262177Bruce Bequette - MSFT