Hi,
our Linux colleagues use Beyondtrust PBIS to connect Linux servers to AD in order to use AD user accounts for logon to Linux.
Every week we get 1-2 PCNS events with ID 7000:
Log Name: Application
Source: PCNSSVC
Date: 26.02.2019 16:48:18
Event ID: 7000
Computer: DC22.contoso.com
Description:
An unexpected error occurred.
LDAP://DC22/CN=CALT01,OU=Workstation,OU=CAX,OU=PBISCELLS,DC=contoso,DC=compwdLastSet
But it is not only PBIS, such events can stem also from ESX hosts:
LDAP://DC22/CN=EPKWKB,OU=ESXiServer-Prod,OU=T4,OU=SC37E,DC=contoso,DC=compwdLastSet
BTW: Yes, I know that the last word "compwdLastSet" in the distinguishedName doesnt make sense. I believe it is just a display issue, a missing white space char.
I have no glue how these events are created.
Now the thing is:
I tried to avoid these events by adding the group "Domain Computers" to the PCNS Excluded Group, but this doesnt work: Today we got an event again.
I have verified using ntdsutil: The computer CALT01 is indeed member of the Excluded Group and also of Domain Computers.
But obviously this membership doesnt help.
2 Question, please:
1) Does anyone know when exactly the PCNS Excluded Group is evaluated:
Is it one time after the PCNS service has started? Then I'd have to restart the service so that the new membership gets effective.
Or is it every time when PCNS is called? Then PCNS would compute in real-time if the actual user/computer is member of the Excluded Group. No service restart necessary.
2) Has anyone an idea what else I could do? (the more important question)
Thanks
Walter