Support-Tip: (PCNS) Passwords stopped synchronizing, Passwords stopped working
PRODUCT FOCUS
- Password Change Notification Service (PCNS)
PROBLEM SCENARIO DESCRIPTION
- Recently worked on an issue where, after a database restore, passwords were no longer synchronizing from Active Directory to the target data source.
NOTE | An issue like this one could occur if the Synchronization Service Database is restored from backup. |
CAUSE
- A review of the Application Event Log on the source domain controller found Event ID 6025. Event ID 6025 indicates that something is wrong with the Password Change Notification Service (PCNS). It is a very common Event ID with several different messages/stacks, so each event needs to be opened and reviewed to understand what is happening.
NOTE | Find information on troubleshooting the Event ID 6025 at the Event ID 6025 Troubleshooter Wiki page found here: https://social.technet.microsoft.com/wiki/contents/articles/2762.fim-password-synchronization-pcns-resource-wiki.aspx |
- In the particular issue I was working on, the Event ID 6025 contained a Status of 1753. (Status is 1753 - There are no more endpoints available from the endpoint mapper)
- The status of 1753 is an indication that there is a connectivity problem between the domain controller and the Synchronization Service Engine.
- In the Event ID 6025 Troubleshooter, information exists about this particular status. (https://social.technet.microsoft.com/wiki/contents/articles/4159.pcns-troubleshooting-event-id-6025.aspx#Status_1753_There_are_no_more_endpoints_available_from_the_endpoint_mapper)
- The cause was identified in the Options dialog. Password Synchronization was not enabled. (Synchronization Service Manager Console > Tools > Options > Enable Password Synchronization)
- The Enable Password Synchronization check box can become unchecked, disabling password synchronization, if a Synchronization Service Database is restored from backup.
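To see which status codes the Event ID 6025 entries carry without opening each one, the events can be summarized on the source domain controller. This PowerShell script is an added example, not part of the original tip or of PCNS; the `$Days` look-back window and the `Status is <number>` message pattern (taken from the status text quoted above) are assumptions.

```powershell
# Added example: summarize Event ID 6025 entries in the Application log by status code.
# Run on the source domain controller. $Days is an assumed look-back window.
param(
    [int]$Days = 7
)

$filter = @{
    LogName   = 'Application'
    Id        = 6025
    StartTime = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when no event matches, so suppress it and test for null.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Output "No Event ID 6025 entries in the last $Days day(s)."
    return
}

$parsed = foreach ($e in $events) {
    # Assumed message wording, e.g. "Status is 1753 - There are no more endpoints ..."
    $status = if ($e.Message -match 'Status\s+is\s+(\d+)') { $Matches[1] } else { 'unparsed' }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Provider    = $e.ProviderName
        Status      = $status
    }
}

# One row per status code, with how often and over what period it occurred.
$parsed | Group-Object Status | Sort-Object Count -Descending | ForEach-Object {
    $ordered = $_.Group | Sort-Object TimeCreated
    [pscustomobject]@{
        Status    = $_.Name
        Count     = $_.Count
        FirstSeen = ($ordered | Select-Object -First 1).TimeCreated
        LastSeen  = ($ordered | Select-Object -Last 1).TimeCreated
    }
} | Format-Table -AutoSize

# Status 1753 is the case described in this tip.
if ($parsed.Status -contains '1753') {
    Write-Output 'Status 1753 found: check Tools > Options > Enable Password Synchronization in the Synchronization Service Manager Console.'
}
```

A FirstSeen time for status 1753 that lines up with the database restore supports the cause described here; events the pattern does not match are counted as `unparsed` and still need to be opened by hand.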
RESOLUTION
- In the Synchronization Service Manager Console, select Tools > Options
- Check Enable Password Synchronization at the bottom of the dialog
- Click OK
- Test a password reset
NOTE | This may resolve the problem or may expose another issue. It is always important to confirm that passwords are now synchronizing properly by testing a password reset. |
LINKS
Here are some links about the issue that may assist with future Password Management (PCNS – Password Synchronization) issues.
- Status 1753: There are no more endpoints available from the endpoint mapper: https://social.technet.microsoft.com/wiki/contents/articles/4159.pcns-troubleshooting-event-id-6025.aspx#Status_1753_There_are_no_more_endpoints_available_from_the_endpoint_mapper
- Event ID 6025 Troubleshooter: https://social.technet.microsoft.com/wiki/contents/articles/4159.pcns-troubleshooting-event-id-6025.aspx
- PCNS Resources Wiki: https://social.technet.microsoft.com/wiki/contents/articles/2762.fim-password-synchronization-pcns-resource-wiki.aspx