We currently use the Defender plug-in with our ARS 7.2.1 environment to issue and manage tokens. We have 2 locations that each have an ARS environment, which consists of a DB and ARS servers. They are set up to use the publisher/subscriber roles from one location to the other. Defender permissions are working in both locations and have been for a number of months. Then all of a sudden, when using one location, those delegated the Defender rights get errors that the permissions are wrong. They can switch to the other location and it works. This has happened twice now in the past 8 months or so.
Since Defender uses AD permissions, we checked the native rights on DCs in both locations and they match. Rebooting servers seems to correct the issues, but we haven't figured out which server's restart corrects it, as there are DCs, ARS, and Defender servers involved with the process.
I was wondering if anyone else has experienced this, or if it's something in our environment? I should add that all servers involved are running 2016 server. Defender is 5.9.1 and ARS is 7.2.1. We plan to install the latest Defender so we can update ARS to 7.3.1.