DDPE - PBA login issue (logs included) - Dell DSS - Security - Dell Community

DDPE - PBA login issue (logs included)

Security

Security
All things Dell Security related

DDPE - PBA login issue (logs included)

This question has been answered by DELL-Steve O

I am told by my company's technical support supervisor that some users are having problems logging in from PBA when connected to the network.  To resolve this issue, he said he had to disable and then re-enable SED PBA policy.  Below is a snippet of the log that he sent me for analysis, but I can't make heads or tails of it.

Could anyone who is more familiar with how this product actually works explain to me what the this means?  Specifically, the line saying 'database created - maximum users is 209' is puzzling because we have way more licenses than that (maybe it's totally unrelated, but that's why I'm asking).


The original issue that lead to my colleague having to disable and re-enable a policy came up as:

(2017.06.16 10:34:18 E Pba     : error synchronizing PBA user "DOMAIN\username" – ActivateUserDPFailed)


The rest of the logs that are potentially useful are:


2017.06.16 10:40:36 I Comm    : new policy seq# 3 received

2017.06.16 10:40:38 I Pba     : activating PBA...

2017.06.16 10:40:41 I Comm    : sending 0 major events to server

2017.06.16 10:40:41 I Comm    : closing connection to "dellddp.domain.com:8888/agentv2"

2017.06.16 10:40:41 I Comm    : next contact with server scheduled for 6/16/2017 10:55:41 AM

2017.06.16 10:48:38 I Pba     : database created - maximum users is 209

2017.06.16 10:48:54 I Pba     : management is waiting for key escrow

2017.06.16 10:48:54 I Comm    : opening connection to "dellddp.domain.com:8888/agentv2"

2017.06.16 10:48:55 I Comm    : sending 1 key(s) to be escrowed

2017.06.16 10:48:55 I Pba     : recovery information has been successfully escrowed



Thanks!
Verified Answer
  • Hey Eric!

    The 'database created - maximum users is 209' refers to the amount of PBA cached users that SED supports.  

    With regards to the issue making you remove the PBA and put it back down the next time it happens we should collect PBA logs and then get a ticket registered to see what's going on.  The link below will help you with collecting the PBA logs when this type of issue occurs and then in my signature is the number you can call to register a case with our dedicated support team.

    Link

    Best Regards,

  • Hey Eric,

    Each SED manufacture will set aside a specific amount of space on the secure area of the drive for vendors to put their management software inside.  That size number can change from SED to SED or Vendor to vendor.  It does not sync up to your current licensing limits it just dictates the number of cached users we can store for offline authentication.

    Every use that logs into Windows post the SEDs activation or into the PBA while it's hardwired to the network will get cached.  Since laptops are generally a 1:1 ratio of user to machine there shouldn't be a concern of hitting the upward limits of amount of cached users a drive supports.

    I think your final question is a bit open ended for the forum and I will want to chat about this on the phone.  I am going to message you my dell.com e-mail and we can set a time to discuss based upon your availability.

    Best Regards,

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

All Replies
  • Hey Eric!

    The 'database created - maximum users is 209' refers to the amount of PBA cached users that SED supports.  

    With regards to the issue making you remove the PBA and put it back down the next time it happens we should collect PBA logs and then get a ticket registered to see what's going on.  The link below will help you with collecting the PBA logs when this type of issue occurs and then in my signature is the number you can call to register a case with our dedicated support team.

    Link

    Best Regards,

  • Hi Stephen,

    Thank you for your help - could I get a little more clarification on what you mean by saying that's the amount of PBA cached users that SED supports?  Does that number change?  Is it supposed to be correlated with the number of overall licenses we have?  What does that limit actually refer to, and is there a way that we can be better managing our installation?  

    Thanks again,

    Eric

  • Hey Eric,

    Each SED manufacture will set aside a specific amount of space on the secure area of the drive for vendors to put their management software inside.  That size number can change from SED to SED or Vendor to vendor.  It does not sync up to your current licensing limits it just dictates the number of cached users we can store for offline authentication.

    Every use that logs into Windows post the SEDs activation or into the PBA while it's hardwired to the network will get cached.  Since laptops are generally a 1:1 ratio of user to machine there shouldn't be a concern of hitting the upward limits of amount of cached users a drive supports.

    I think your final question is a bit open ended for the forum and I will want to chat about this on the phone.  I am going to message you my dell.com e-mail and we can set a time to discuss based upon your availability.

    Best Regards,

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039