PCNS: RPC exception attempting to deliver a notification

Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Summary



When using the Password Change Notification Service (PCNS) the password change is not delivered from the DC to the ILM server and you see the following error in the Event Log on the Domain Controller:


Event Type:        Error
Event Source:    PCNSSVC
Event Category:                Error
Event ID:              6025
Date:                     5/13/2009
Time:                     8:03:23 PM
User:                     N/A
Computer:          MY-DC


Description: Password Change Notification Service received an RPC exception attempting to deliver a notification.


The password change notification target could not be contacted.


User Action:
The target server may not be running. Verify that the target server is running.


Additional Details:


 
Thread ID: 5364
Tracking ID: 43a60f6f-2e97-4a8f-b320-b56ed02c7295
User GUID: db36b68d-f23a-4866-891d-23f0a27ea6f2
User: MYDOM\pcnstest
Target: ILMSERVER
Delivery Attempts: 73
Queued Notifications: 3
0x000006D9 - There are no more endpoints available from the endpoint mapper.
 


ProcessID is 648
System Time is: 5/14/2009 0:3:23:207
Generating component is 2
Status is 1753 - There are no more endpoints available from the endpoint mapper.
Detection location is 501
Flags is 0
NumberOfParameters is 4
Unicode string: ncacn_ip_tcp
Unicode string: mymachine.mycompany.com
Long val: -647262927
Pointer val: 785240

Cause

On the ILM server the settings  under  Local Security Settings\Local Policies\User Rights Assignment - Access this computer from the network, have been changed from the defaults.

Resolution



At a minimum, all DC's that will be sending password changes must be given this access. Note that it is recommended not to change the default settings, which are


1. Administrators local group
2. Everyone
3. Users Local group

More Information



There are a number of possible causes of this error, most of which can be found by standard PCNS troubleshooting techniques such as verifying that the ILM service is running, the SPN is set correctly on the ILM service account and the output from pcnscfg -list shows a valid configuration.  This article addresses one specific cause that can not be found using the usual troubleshooting techniques and was difficult to isolate.


In order to communicate with the ILM service, the DC sending the password change must be allowed a network logon to the ILM machine. Auditing the logon event on the ILM machine showed a failed logon for the DC.


For more information on the side-effects of changing the "Access this computer from the network" setting see the following article


KB823659  - Client, service, and program incompatibilities that may occur when
you modify security settings and user rights assignments



Keywords:


PCNS, Password Change Notification Service, ILM, Identity Lifecycle Manager, MIIS, Microsoft Identity Integration Server

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.


TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.
Eigenschappen

Artikel-id: 973807 - Laatst bijgewerkt: 17 jul. 2009 - Revisie: 1

Feedback