PBIS Status showing Unknown

[KoyelPaul]

Version: 8.5.1.206
OS/Distro: SUSE Linux Enterprise Server for SAP Applications 12 SP1
Issue/Impact:
Note: replace content with your own
Getting Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56].
pbis status command is returning status: Unknown.

1. systemctl status lwsmd.service
   lsass.log

iptprdsap129:~ # systemctl status lwsmd.service
lwsmd.service - BeyondTrust PBIS Service Manager
Loaded: loaded (/usr/lib/systemd/system/lwsmd.service; enabled)
Active: active (running) since Thu 2020-03-12 17:49:23 AEST; 3h 59min ago
Process: 87832 ExecStop=/opt/pbis/bin/lwsm shutdown (code=exited, status=0/SUCCESS)
Process: 87929 ExecStart=/opt/pbis/sbin/lwsmd --start-as-daemon (code=exited, status=0/SUCCESS)
Main PID: 87931 (lwsmd)
CGroup: /system.slice/lwsmd.service
├─87931 /opt/pbis/sbin/lwsmd --start-as-daemon
├─87998 lw-container lwreg
├─88070 lw-container eventlog
├─88144 lw-container netlogon
├─88213 lw-container lwio
├─88285 lw-container lsass
└─88370 lw-container reapsysl

Mar 12 17:49:22 iptprdsap129 eventlog[88070]: Logging started
Mar 12 17:49:22 iptprdsap129 netlogon[88144]: Logging started
Mar 12 17:49:22 iptprdsap129 lwio[88213]: Logging started
Mar 12 17:49:22 iptprdsap129 lsass[88285]: Logging started
Mar 12 17:49:23 iptprdsap129 reapsysl[88370]: Logging started
Mar 12 17:49:23 iptprdsap129 systemd[1]: Started BeyondTrust PBIS Service Manager.
Mar 12 17:49:33 iptprdsap129 lsass[88285]: [LwKrb5GetTgtImpl /builder/src-git/Platform/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
Mar 12 17:49:33 iptprdsap129 lsass[88285]: [lsass] The cached machine account password was rejected by the DC.
Mar 12 17:52:44 iptprdsap129 lsass[88285]: [LwKrb5GetTgtImpl /builder/src-git/Platform/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
Mar 12 17:52:44 iptprdsap129 lsass[88285]: [lsass] Failed to run provider specific request (request code = 14, provider = 'lsa-activedirectory-provider') -> error = 40022, symbol = L...t pid = 88987
Hint: Some lines were ellipsized, use -l to show in full.
iptprdsap129:~ #

2. /opt/pbis/bin/lwsm list
   iptprdsap129:~ # /opt/pbis/bin/lwsm list
   lwreg running (container: 87998)
   dcerpc stopped
   eventlog running (container: 88070)
   lsass running (container: 88285)
   lwio running (container: 88213)
   netlogon running (container: 88144)
   rdr running (io: 88213)
   reapsysl running (container: 88370)
   usermonitor stopped
   iptprdsap129:~ #

3. /opt/pbis/domainjoin-cli query
   iptprdsap129:~ # /opt/pbis/bin/domainjoin-cli query

Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56]

The password is incorrect for the given account
iptprdsap129:~ #

4. pbis status
   iptprdsap129:~ # pbis status
   LSA Server Status:

Compiled daemon version: 8.5.1.206
Packaged product version: 8.5.206.2564
Uptime: 0 days 4 hours 0 minutes 52 seconds

[Authentication provider: lsa-activedirectory-provider]

    Status:        Unknown
    Mode:          Unknown

iptprdsap129:~ #

5. /opt/pbis/bin/enum-users
   iptprdsap129:~ # /opt/pbis/bin/enum-users
   TotalNumUsersFound: 0

6. attach logs

• /opt/pbis/bin/lwsm set-log-target -p lsass - file /tmp/lsass.log
• /opt/pbis/bin/lwsm set-log-level -p lsass - debug
• attach log >>> attached /tmp/lsass.log

Output/Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56].
[lsass] The cached machine account password was rejected by the DC.

Steps to Reproduce:

1. install command
2. Domainjoin command
3. Command that returns issue

[davidmorash]

Please try the latest version. There was a fix in recent versions re: starting up on SLES. Mar. 12, 2020 8:59:25 a.m. KoyelPaul <notifications@github.com>:

…

Version : 8.5.1.206 OS/Distro : SUSE Linux Enterprise Server for SAP Applications 12 SP1 Issue/Impact : Note: replace content with your own Getting Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56]. pbis status command is returning status: Unknown. * systemctl status lwsmd.service lsass.log [https://github.com/BeyondTrust/pbis-open/files/4324009/lsass.log] iptprdsap129:~ # systemctl status lwsmd.service lwsmd.service - BeyondTrust PBIS Service Manager Loaded: loaded (/usr/lib/systemd/system/lwsmd.service; enabled) Active: active (running) since Thu 2020-03-12 17:49:23 AEST; 3h 59min ago Process: 87832 ExecStop=/opt/pbis/bin/lwsm shutdown (code=exited, status=0/SUCCESS) Process: 87929 ExecStart=/opt/pbis/sbin/lwsmd --start-as-daemon (code=exited, status=0/SUCCESS) Main PID: 87931 (lwsmd) CGroup: /system.slice/lwsmd.service ├─87931 /opt/pbis/sbin/lwsmd --start-as-daemon ├─87998 lw-container lwreg ├─88070 lw-container eventlog ├─88144 lw-container netlogon ├─88213 lw-container lwio ├─88285 lw-container lsass └─88370 lw-container reapsysl Mar 12 17:49:22 iptprdsap129 eventlog[88070]: Logging started Mar 12 17:49:22 iptprdsap129 netlogon[88144]: Logging started Mar 12 17:49:22 iptprdsap129 lwio[88213]: Logging started Mar 12 17:49:22 iptprdsap129 lsass[88285]: Logging started Mar 12 17:49:23 iptprdsap129 reapsysl[88370]: Logging started Mar 12 17:49:23 iptprdsap129 systemd[1]: Started BeyondTrust PBIS Service Manager. Mar 12 17:49:33 iptprdsap129 lsass[88285]: [LwKrb5GetTgtImpl /builder/src-git/Platform/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed) Mar 12 17:49:33 iptprdsap129 lsass[88285]: [lsass] The cached machine account password was rejected by the DC. Mar 12 17:52:44 iptprdsap129 lsass[88285]: [LwKrb5GetTgtImpl /builder/src-git/Platform/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed) Mar 12 17:52:44 iptprdsap129 lsass[88285]: [lsass] Failed to run provider specific request (request code = 14, provider = 'lsa-activedirectory-provider') -> error = 40022, symbol = L...t pid = 88987 Hint: Some lines were ellipsized, use -l to show in full. iptprdsap129:~ # * /opt/pbis/bin/lwsm list iptprdsap129:~ # /opt/pbis/bin/lwsm list lwreg running (container: 87998) dcerpc stopped eventlog running (container: 88070) lsass running (container: 88285) lwio running (container: 88213) netlogon running (container: 88144) rdr running (io: 88213) reapsysl running (container: 88370) usermonitor stopped iptprdsap129:~ # * /opt/pbis/domainjoin-cli query iptprdsap129:~ # /opt/pbis/bin/domainjoin-cli query Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56] The password is incorrect for the given account iptprdsap129:~ # * pbis status iptprdsap129:~ # pbis status LSA Server Status: Compiled daemon version: 8.5.1.206 Packaged product version: 8.5.206.2564 Uptime: 0 days 4 hours 0 minutes 52 seconds [Authentication provider: lsa-activedirectory-provider] Status: Unknown Mode: Unknown iptprdsap129:~ # * /opt/pbis/bin/enum-users iptprdsap129:~ # /opt/pbis/bin/enum-users TotalNumUsersFound: 0 * attach logs * /opt/pbis/bin/lwsm set-log-target -p lsass - file /tmp/lsass.log * /opt/pbis/bin/lwsm set-log-level -p lsass - debug * attach log >>> attached /tmp/lsass.log Output/Error : LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56]. [lsass] The cached machine account password was rejected by the DC. Steps to Reproduce : * install command * Domainjoin command * Command that returns issue — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub [#282] , or unsubscribe [https://github.com/notifications/unsubscribe-auth/AAVE4WVRB5TLFLYY2SZYAHDRHDFBZANCNFSM4LGKTU7A] . [https://github.com/notifications/beacon/AAVE4WRCQNA5X27G6IWGKVTRHDFBZA5CNFSM4LGKTU7KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IUQM6ZA.gif]

[KoyelPaul]

Hi David,

We have other servers running fine with same version. Please let me know if there is any fix using the current version since this is the only server where we are facing the login issue.

[dmorash-BT]

Can you leave and rejoin the domain. It looks like the cached machine password is out of sync. Leaving and rejoining should fix that.

[KoyelPaul]

Thank you David.
Login is working fine after leave and rejoin the domain.