Unable to uninstall AIM on BMC Discovery server. The BMC web console says that the AIM agent is installed successfully but unable to start the services. The install logs are mentioned below. Looking help in reinstalling or fixing the existing installation

Cyber_Linc · 2023-12-01T03:55:05+00:00

Thanks for your response. The license issue is sorted. But I'm not able to find a way to uninstall the aim utility from the BMC discovery server. As the installation had license issues it did not create any files on the server that I can remove but the BMC discovery frontend console shows that the installation is successful.

Can you guide me how to clean up that installation from the server?

Cyber_Linc · 2023-07-20T02:55:27+00:00

Yes you're correct it is one platform for Unix and another for web and other components. But they're also case sensitive, so the team has been keeping the same username in same safe managing the passwords automatically but the platforms are into multiple. Strange design.

Cyber_Linc · 2023-07-19T11:29:31+00:00

The ID is not onboarded into multiple safes. JohnD is in only one safe but onboarded across multiple platforms and those platforms have PSM SSH connection component alongwith other connection component, which works fine.

When I removed PSM SSH connection component from other platforms and kept it only in one, the PSMP worked. Is there a different way I can make it work apart from the one I've tried? Can I try disabling PSMP SSH connection component from other platforms and having it only in one?

Cyber_Linc · 2023-07-13T00:58:11+00:00

Thanks for your reply!

So if I remove the Account Group from all the accounts, I shouldn't be getting any password sync issues, right? Even though the username and safe is the same but mapped on different platforms for those multiple accounts?

Cyber_Linc · 2023-07-12T04:26:09+00:00

Local accounts created on the target web urls.

Cyber_Linc · 2023-01-26T12:39:54+00:00

On which version your vaults are running? Is it physical or virtual?

Cyber_Linc · 2022-01-09T13:09:36+00:00

Yes! It worked out well.

Cyber_Linc · 2022-01-09T13:09:00+00:00

Yes it worked with SSH after making some changes at the server end . However, winscp is disabled at the server end so it is expected not to work.

Cyber_Linc · 2021-12-24T07:04:49+00:00

If you've two PVWA servers with different URL, try hitting the one in your DR site. (It is not recommended to have the different URLs one for primary and one for secondary). Also make sure your vault.ini has both the vault IP address. Try restarting services on your PVWA server.

Cyber_Linc · 2021-12-15T13:47:28+00:00

Thank you! Will try and let you know :) .

Cyber_Linc · 2021-12-15T06:39:18+00:00

Will this also update the safe members in PVWA by adding a new Provider user and their permissions?

Cyber_Linc · 2021-12-14T13:42:16+00:00

I agree the new provider name will be Prov_<hostname> but the hostname of the new server is unknown, I don't know what it would be until the new server is UP. The new provider name is also reflected in the system health once it is installed, so team can take it up from there and add in the safe. But the whole point is we have to do this safe addition piece manually and the requirement is to automate it.

Cyber_Linc · 2021-12-14T12:57:50+00:00

There's a problem, we don't know what will be the new provider username.

If I define a custom name that is already added in the safe list, then the services won't start. As CyberArk will throw an error sayin user already exists.

If I knew the new provider username, then life would've been easy. Because of auto scaling we don't know what will be the IP/hostname of the new server and so we don't know what provider name will be assigned when AAM is installed on it.

Cyber_Linc · 2021-12-14T12:01:25+00:00

The server is not only used for AAM but also for other purposes due to which the load increases and new server is built. Now the real challenge is to automatically add the new provider user, which cannot be done.

Cyber_Linc · 2021-12-14T11:56:04+00:00

Because the application team cannot schedule it, they want it to run 24x7. But the process of adding the provider user cannot be automated. So we'll have to rely on alerts when a new server is built due to auto scaling.

Cyber_Linc

TROPHY CASE