Performing an Active Directory Migration from a windows server 2008 FFL forest to another windows server 2008 FFL forest. User accounts migrate fine, so do computer accounts. However when the ADMT agent goes to update the domain membership on the member computers in one domain I recieve the following error in the ADMT Agent logs:
2009-12-22 14:21:15 ERR3:7075 Failed to change domain affiliation, hr=800704f1 The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
To get around this ensure that you have "Allow cryptography algorithms compatible with Windows NT 4.0" enabled on the default domain controllers policy in both the source and destination domain.
To do this follow Microsoft KB Article 942564: