Unable to copy “Password Sync” encryption key from Windows 2003, SFU 3.5 to Windows 2008 R2

  • Article

Recently, we have a case where the customer was unable to copy the Password Sync encryption key from SFU 3.5 to Windows 2008 R2. The customer was getting the following error while copying the encryption key from Windows 2003, SFU 3.5 to Windows 2008 R2. However, the same key was getting copied to Windows 2003 R2.

 

The encryption key which got generated on Windows 2003, SFU 3.5 was :

  • [gg+-3409Bf_3q1b è( 16 characters)

On Windows 2008 R2, the new encryption key which gets generated was:

  • 4~5649\71M4]5lGpr5m7 è (20 characters)

 

So first, we thought that the issue would be with the difference in the number of characters. But, then we tried generating a new encryption key on Windows 2003 R2, it was also of 20 characters and we did not have any issues putting a 16 digit encryption character from Windows 2003, SFU 3.5 on Windows 2003 R2.

As per the help file for Password Sync, on Windows 2008 R2 the encryption key from Windows 2003, SFU 3.5 is meeting all the criteria:

The help file states:

Encryption key requirements

The encryption key must meet the following requirements:

  • It must be 16 to 21 characters long (21 is recommended).
  • It must contain characters from at least three of the following four groups:
  • Uppercase English letters (A–Z)
  • Lowercase English letters (a–z)
  • Westernized Arabic numerals (0–9)
  • Punctuation symbols ` ~ ! @ # $ % ^ & * _ – + = | \ { } [ ] : ; \ " ' < > . ?
  • It must not contain a left or right parentheses (that is a "(" or ")" character), a comma (,), or a blank space ( ).

 

So the difference in number of character was not causing the issue. Then we tested the special characters one by one and got to the root cause. The punctuation character ‘-‘ is not considered valid for the encryption key. This feature was introduced starting Windows 2008\Vista SP2

 

Hence we suggested the customer to generate a new key on Windows 2008 R2. Or replace the punctuation character '-' with something different. For example

 

Test results:

===========

1{qs\*4X{2j-[=>n6|\= (Not working ( from SFU 3.5))

With

1{qs\*4X{2j3[=>n6|\= (Working ( Replaced ‘-‘ with ‘3’))