You may have opted not to include the SCP (Service Connection Point) publishing permissions to your Password Manager’s service account. You’ll notice the following errors being logged on your event logs every 15-20 minutes:
An error occurred while running the task ConnectionPointPublisher:
Exception occurred while publishing Service Connection Point to domain ‘contoso.local’: Access is denied.
By default, Password Manager attempts to publish the SCP every 15 -20 minutes. Due to lack of permission, an access denied event will be logged on the service host's Event log.
1. Give the Account used to access the domain the permissions that it needs to run the scheduled task.
2. IF and ONLY IF you do NOT use the Secure Password extension (SPE) on the clients, then you can disable the TaskConnectionPublisher following the steps below:
Please make sure to follow Step 8 as it will update the shared.storage timestamp and ensure that the change made to the file is propagated to AD and to other instances of Password Manager.