PCNS Event ID 6903 6907 6902 not found
Hi, We have a forest Forest1 where DCs and the FIM server are located in the same domain. Password changes of Forest1 work fine and each time a password change is made event id 2100 record on the DC and event id 6903,6907,6902 record in the FIM server. 6903 - A password Notification was received from a Password Change Notification Service 6907 - A password Notification was successfully staged for synchronization 6902 - A password synchronization set operation was successful in a target connected data source. Our company recently established a two way trust with one of our international partners and we have installed PCNS on their DCs and configured enabled Password Sync on the new management agent as well. So Forest 1 has DC1,2,3 and FIM01 (fim server) Forest 2 also has DC4,5,6. Two-way trust is established between Forest 1 and Forest 2. PCNS is installed on DC4,5 and 6 and the target FIM server is on Forest 1. Firewall ports have been opened between the DC4,5,6 and the FIM01 server. we have tested password sync of users from Forest 2, we were able to locate event 2100 in the DCs of Forest 2. But eventid 6903,6907 or 6902 are not recorded on the FIM server for the user in Forest 2. However I was able to locate records in the FIM database that password change occured for the user in Forest 2. Any idea why the events are not recorded for password change for a user in Forest 2 while they are recorded for password changes for a user in Forest 1? Please advise. Are these events 6903,6907 or 6902 mandatory to confirm that password change is successful or can we just rely on the event 2100 that is recorded on the DCs? Thanks in advance.
February 15th, 2012 2:18pm
The logging on the sync server should be determined by the FeaturePwdSyncLogLevel value in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\miiserver\Logging There are four levels:ReferenceGuid = guid 0 = Minimal Logging 1 = Normal logging (default) 2 = High logging 3 = Verbose logging Hence it should be consistent no matter which forest originated the password change. However, you can query the password change history via WMI From the FIM Sync WMI Reference: Select * from MIIS_PasswordChangeHistoryTarget Where querystatement In this query, querystatement can be one of the following: MIISReceiveTime < time MIISReceiveTime > time MIISReceiveTime > time and MIISReceiveTime < time CsGuid = guid GUID = guid MaGuid = guid David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
April 24th, 2012 5:45pm