ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - Workgroup to Domain + Credential Manager Issues
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Workgroup to Domain + Credential Manager Issues

 Post Reply Post Reply
Author
Message
tpar View Drop Down
Newbie
Newbie


Joined: 08 Sep 2022
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote tpar Quote  Post ReplyReply Direct Link To This Post Topic: Workgroup to Domain + Credential Manager Issues
    Posted: 08 Sep 2022 at 9:29am
Hi all!

I've recently started migrating my company to our new DC and Active Directory, having used the freeware edition of Profwiz before. Everything works fine, and I was already aware that encrypted files are not migrated, so I've been exporting passwords from Chrome, Edge etc and transfering them over manually. Users only have to re-enter their e-mail password on Outlook.

However, I've run into a problem in almost all migrations. After the process is complete, it breaks the Windows Credential Manager. Passwords can't be saved anywhere, and trying to open Cred Manager gives an error. After a bit of Googling, some registry hacks and restarting of the service fixes it and passwords can be saved again.

The weird part is that, if a domain user's password is changed, be it centrally from the domain controller, or from the user's computer, all saved credentials disappear. Cred Manager continues working and saves new passwords, but the old ones are gone. Changing back to their previous password restores them, so it appears they are somehow tied to their current AD password.

I haven't managed to find a solution to this issue, and as users will be required to change their password every 6 months, this could cause problems down the line. I think it's safe to assume that fixing the original migration issue with Cred Manager and not having to resort to the registry fix would solve this, but I cannot be sure.

Any ideas would be greatly appreciated!
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 08 Sep 2022 at 2:05pm
Hi, 

We have never received any reports of Credential Manager not working after a migration. 

What version of User Profile Wizard, and what OS are these computers running?

I agree, resolving the issue with whatever is breaking Credential Manager is what you need to focus on. Please can you send us more information about the original Credential Manager error you receive after the migration?

Without seeing any information, my first suspicion would be that maybe AV or Security software could be interfering with the migration. I suggest running the migration on a vanilla build to prove it works as expected to try to identify the software/setting that is causing this issue. 

If you still have a problem, please can you send more information and a migration log file to support@forensit.com 

Support
Back to Top
tpar View Drop Down
Newbie
Newbie


Joined: 08 Sep 2022
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote tpar Quote  Post ReplyReply Direct Link To This Post Posted: 08 Sep 2022 at 2:14pm
Hi!

Thank you for your reply. I should have included the OS on those computers in my original post, but I forgot. This happens to both Windows 10 and Windows 11 computers, all fully updated and no dev channels. The Domain Controller is a Windows Server 2019 server. All the migrations were done using Release 24 of User Profile Wizard.

Trying to open Credential Manager after migrating (using Control Panel) gives two errors: The initial one I have no logs of currently, but the solution to it is restarting the service. The second one is always error 0x80090345, which leads me to the registry hack fix.

I will be formatting a spare laptop (or creating a VM) to attempt a fresh migration without our AV software (Bitdefender, in case it ends up being important), as well as one on a production computer after uninstalling the AV software, and get back to you, probably tomorrow.

Thank you for your time!
Back to Top
tpar View Drop Down
Newbie
Newbie


Joined: 08 Sep 2022
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote tpar Quote  Post ReplyReply Direct Link To This Post Posted: 09 Sep 2022 at 1:39pm
Hello again,

Coming back to this issue, it would indeed appear that the problem was caused by the AV Suite installed. Uninstalling the software, performing the migration and reinstalling it seems to work just as it should. Have tried it in 3 different migrations so far, none caused a problem.

Now I guess I'll have to look for a solution to the problem caused on already finished migrations, but at least I now know how to prevent it from happening again.

Thank you very much for your time and advice!
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 09 Sep 2022 at 2:08pm
Hi, 

Thank you for updating us. 

What AV software was this?

On the profiles you have migrated that were impacted, you could perhaps try migrating the profile back to the original account, and then migrating again. 

Support.
Back to Top
tpar View Drop Down
Newbie
Newbie


Joined: 08 Sep 2022
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote tpar Quote  Post ReplyReply Direct Link To This Post Posted: 09 Sep 2022 at 2:14pm
I'll try doing that next week and see how it goes, and I'll update accordingly.

The AV software is Bitdefender Business Security, app is called Bitdefender Endpoint Security Tools.
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 13 Sep 2022 at 11:27am
Hi, 

I've just tested a migration while running Bitdefender Endpoint Security Tools (Product version 7.6.3.211, Engines version 7.92824) and I've been unable to reproduce the problem you described. 

Bitdefender was installed, migrated a profile, joined the computer to the new domain, I loaded Credential Manager after (no error), added a Windows Credential. Reset the user's password on the DC and logged back on again, and the stored Windows Credential was still present. 

There were no custom settings on this Bitdefender config, do you have any custom settings that might affect this?

Many thanks,

Support.
Back to Top
tpar View Drop Down
Newbie
Newbie


Joined: 08 Sep 2022
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote tpar Quote  Post ReplyReply Direct Link To This Post Posted: 13 Sep 2022 at 3:19pm
Hi again,

There were no custom settings on Bitdefender on my side either, using the same product and engine versions you mentioned. However, I currently suspect there might have been some conflict between Bitdefender and a (mis)configuration of Group Policy, possibly made by another admin.

I will be testing this issue again as I am not yet done with the migrations, and report back.

Thank you.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.047 seconds.