Return
-
Title
Active Directory synchronization fails with error: "The encrypted value cannot be unencrypted. There is no unencryption configured" -
Description
Active Directory synchronization fails to proceed when the encrypted values in the ADSAccount table cannot be decrypted.
Error message in Synchronization Editor:
"[1777018] Error executing workflow (Initial Synchronization) of synchronization project (Active Directory Domain (DC=xxx,DC=xxx))....[809016] The encrypted value cannot be unencrypted. There is no unencryption configured." -
Cause
Synchronization editor fails to decrypt the encrypted values because the incorrect private key has been loaded into the JobServer.
Error message in JobService log:
[2134007] Error loading synchronization project (CCC-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)!...[809014] Encryption error. The data was probably encrypted with the wrong public key. -
Resolution
1. Run the below SQL query to check if "UserPasswords" is the only column in the ADSAccount table that has been encrypted:
select ColumnName from DialogColumn where IsCrypted = 1 and UID_DialogTable = 'ADS-T-ADSAccount'
2. Clean up the existing "UserPasswords" values in the ADSAccount table by running the below SQL update:
update ADSAccount set UserPassword = null where ISNULL(UserPassword, '') <> ''
Please ensure a recent database backup exists.