Issues like this are really hard to track down.
My best guess, from reading this topic below is it’s somehow related to the SSSD stack and how you authenticate.
Somehow your users are able to start the PUN, but they’re not able to connect to the socket. Are there any system level messages (like audit logs or /var/log/messages) that could indicate an issue? Some messages in that topic seem to indicate it’s as simple as lowercasing your users. There seems some mismatch in REMOTE_USER (however you pull the username from your authentication system) and the actual Linux user.
You mean it’s completely down for everyone?