locked
pcns fail to start RRS feed

  • Question

  • Hi,


    I am using ILM 2007 for password synchronization,

    i installed PCNS on all domain controllers and rebooted,

    in one of the domain controller the PCNS service is not starting when i reboot

    please let me know "what are the dependencies for PCNS service to start ".



    Tuesday, February 23, 2010 1:47 PM

Answers

  • You really should provide more information on your setup. (More help here)

    Which build of ILM are you running? Server OS versions? SQL Server build? ...
    How did you configure the PCNS service (svc account, spn config, ...)

    Did you enable verbose logging of PCNS?

    Also check these posts:
    - PCNS Troubleshooting (see verbose logging)
    - MIIS Password Sync errors
    - PCNSSVC Start and then stop with the following a event id 7000 error

    With the very limited information you provided, also check this (rather old) KB article (KB899760).

    You really should inspect the event viewer for errors.

    You said not getting an error when you try to start the service manually, but when you reboot the server (and wait long enough before you logon), do you get an error message?

    Kind regards,
    Peter


    Peter Geelen - Sr. Consultant IDA (http://www.traxion.com)

    [If a post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered or Helpful, you help others find the answer faster.]
    Wednesday, February 24, 2010 6:17 PM

All replies

  • What error you get in the event log or when you try to start it manually?
    Tuesday, February 23, 2010 2:50 PM
  • thanks for the reply.

     i have not received any error when i try to start it manually,

    i am not able to find the case why PCNS service is not starting up automatically even thow the service

     start up is set to automatic.

     

     


     

    Tuesday, February 23, 2010 3:33 PM
  • You really should provide more information on your setup. (More help here)

    Which build of ILM are you running? Server OS versions? SQL Server build? ...
    How did you configure the PCNS service (svc account, spn config, ...)

    Did you enable verbose logging of PCNS?

    Also check these posts:
    - PCNS Troubleshooting (see verbose logging)
    - MIIS Password Sync errors
    - PCNSSVC Start and then stop with the following a event id 7000 error

    With the very limited information you provided, also check this (rather old) KB article (KB899760).

    You really should inspect the event viewer for errors.

    You said not getting an error when you try to start the service manually, but when you reboot the server (and wait long enough before you logon), do you get an error message?

    Kind regards,
    Peter


    Peter Geelen - Sr. Consultant IDA (http://www.traxion.com)

    [If a post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered or Helpful, you help others find the answer faster.]
    Wednesday, February 24, 2010 6:17 PM
  • I had the same issue on one of my DCs.  It ended up that the Dell system management software services were causing the problem.  As soon as I disabled the for DSM SA ... services the PCNS service worked as it should.  Hope this helps...
    Thursday, February 25, 2010 4:14 PM
  • Same problem, but with specifics

    VMWare ESXi 4.1 - Server 2008 R2 SP1 Enterprise - Domain Controller

    Service rarely starts automatically (maybe 1 out of 10 reboots successful), occurs on multiple DC's both Virtual and Hardware based

    Event Viewer reports

    2105 PCNS starting

    7000 An unexpected error occured. service .cpp (769): The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

    2002 PCNS stopped

    Manual Start of service after console logon, no problem.

    Failed Attempts to correct:

    uninstall/reinstall - no change

    Scale back DEP - no change

    Temporary Work Around

    Automatic (Delayed Start) for PCNS service

    Down side is in my experience if PCNS isn't running it won't transmit changes. So it leaves you a 2 minute gap where a password change could occur and ILM will never be notified. There are clearly dependencies for PCNS startup, (like your CA Server hosted on the DC) but these dependencies are not configured, nor listed anywhere. We're living with the pain of stopping our inbound changes while we patch and reboot DCs. Frankly, we will move away from ILM and PCNS at the first opportunity that presents itself. PCNS is a band-aid solution to something that should really be included with the DC "features" and work correctly every time. Afterall, the only reason we run this pain-in-the-rear software is to use a MS cloud service.

    Any ideas or solutions are welcome.

    Friday, February 17, 2012 4:25 PM