OpenIDM 2.0.1 Password Sync Service between Active Directory and OpenDJ fails

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if the OpenIDM 2.0.1 Password Sync Service (AD Password Sync Plugin 1.0.0) stops working between Active Directory® and OpenDJ following an upgrade to Internet Explorer® 10 or Microsoft® Windows® update KB2670838. This issue is caused by the Password Sync Service crashing.


This article has been archived and is no longer maintained by ForgeRock.


The OpenIDM 2.0.1 Password Sync Service (AD Password Sync Plugin 1.0.0) installed on the Active Directory domain controllers crashes after a few seconds.

An error similar to the following is shown in the Event Viewer:

Event ID: 7034 The OpenIDM Password Sync Service service terminated unexpectedly. An error similar to the following is shown in the Application log: Event ID: 1000 Faulting application name: idmsync.exe, version:, time stamp: 0x4e6eff61 Faulting module name: CRYPT32.dll, version: 6.1.7601.18205, time stamp: 0x51dba487 Exception code: 0xc0000005 Fault offset: 0x0000000000006dc6 Faulting process id: 0x1218 Faulting application start time: 0x01cef594864c8ce7 Faulting application path: C:\Program Files\OpenIDM Password Sync\idmsync.exe Faulting module path: C:\Windows\system32\CRYPT32.dll Report Id: d7ab0286-6187-11e3-b266-005056a5000a

Recent Changes

Upgraded to Microsoft Internet Explorer® 10.

Upgraded to Microsoft Windows Server 2008 R2 SP1.


The upgrade to Internet Explorer 10 also installs the Microsoft Windows update KB2670838.

This patch is not solely a graphics patch; it also changes the winhttp gear which Password Sync Service uses for http(s) communication. This change causes the OpenIDM 2.0.1 Password Sync Service running on the Active Directory to crash within a few seconds of starting up.


This issue can be resolved by upgrading the AD Password Sync Plugin to version 1.0.3; you can download this from BackStage.


The AD Password Sync Plugin 1.0.3 is only compatible with OpenIDM 3.x by default but can be configured for backwards compatibility as detailed in How do I use AD Password Sync Plugin 1.0.3 with OpenIDM 2.x?.

Alternatively, you can uninstall the Microsoft Windows update KB2670838.

See Also

How do I use AD Password Sync Plugin 1.0.3 with OpenIDM 2.x?

Related Training


Related Issue Tracker IDs

OPENIDM-1574 (AD sync service might crash after applying latest Windows updates)

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.