Situation: the client followed all the steps in using admt 3.2 to migrate users and passwords but for some reason he was stuck on the Password Options Migrate passwords screen in ADMT with this message”Unable to establish a session with the password export server. The local machine does not have an encryption key for source domain ‘SERVER2012’. Please install a local encryption key. See the ADMT help for information on password migration.”
Quoted from online:
A new PES key was generated under the credentials of my TargetDomain migration account, and PES service was reinstalled on PDC.SourceDomain – – no improvement.
Contrary to the MS ADMT3.2 documentation [p65] we changed the PES service account credentials from Targetdomain\PES_account to SourceDomain\Mig
I can now successfully perform password migration within ADMT3.2 User Migration… using either Targetdomain\PES_account or SourceDomain\Mig as the account running ADMT on ADMT platform [GC-DC.TargetDomain.TargetForest.local]
The only outstanding question is WHY ?
– Why is the MS documentation not tallying with experience ?
– why has no one else explicitly blogged / newsgrouped this config ?
Ah well – running PES under a Source admin acocunt seems to work.