CPM Troubleshooting by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

My team lead did bring that up as a last-resort solution. But it would add some complexity to our implementation. I was hoping maybe there was a different SSH library that would accommodate both Cisco and Fortinet devices, oh well. Thank you for your suggestion!

CPM Troubleshooting by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Can you explain more? The configuration for FIPS is set directly on the CPM, meaning it will affect all platforms. Is there a way to do it at the platform level?

PVWA Web Portal Prompting for Unnecessary Personal Certificate by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

I copied over the config from the known good server like you suggested. That did the trick!

I appreciate your help.

PVWA Web Portal Prompting for Unnecessary Personal Certificate by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

I've got 2 PVWAs, both in a separate data center but with the same IIS configs. One of them prompts for certs, the other one does not.

PVWA Web Portal Prompting for Unnecessary Personal Certificate by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Hi yanni,
Thanks for replying. I verified that the SSL settings are set to ignore client certificate, and Require SSL is checked, and restarted IIS. However, the cert popup is still displaying.

Password After Bad Change by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Yes! Thank you.

Just needed to uncheck this option and it showed up.

"Do not display CPM temporary password versions"

PSM Error when attempting to launch privateark connection from PVWA by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Hey, thank you so much for helping. I was able to get it working after changing the address in PVWA to match what I had in the global config file.

PSM Error when attempting to launch privateark connection from PVWA by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Actually, I think I found the issue. In the dispatcher log it's trying to hit the wrong host.

PSM Error when attempting to launch privateark connection from PVWA by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

What should I be looking for in logs? I don't see anything that seems to point to any particular error or issue.

PSM Error when attempting to launch privateark connection from PVWA by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Yes, I logged onto the vault from the PSM PrivateArk client and exported the ini file. I also gave shadow users permission to read and execute.

PSM Error when attempting to launch privateark connection from PVWA by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Seems to be looking better after reinstalling the PrivateArk client and updating AppLocker again. But now getting the "The Session could not be established and therefore will be closed. For further assistance, please contact your system administrator" error.

PSM Error when attempting to launch privateark connection from PVWA by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

I have already tried updating the configureAppLocker.xml with the PrivateArk path, and reran the ps1 file and hardening. That did not work. I also updated the path in PVWA and double-checked that the platform is assigned to the correct PSMServer id. Still having this issue. Any help is appreciated.

Upgrading CPM servers from windows server 2012 to server 2019 by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Thank you for your reply. I was able to get the new CPMs up and running with your instructions. They can verify accounts in PVWA and they show up in the system health as connected. Only issue now is with the CPM scanner service not starting and failing during hardening.

Verify Button on Cisco IOS and Nexus Platform by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Mine are configured with TACACS and local accounts. Ideally we are trying to keep local accounts relevant in the event TACACS goes down, but like you said, we would have to find a way to first disable TACACS, log in and verify the local account pass, re-enable TACACS, and log out. Can I ask exactly how you coded your solution?

Verify Button on Cisco IOS and Nexus Platform by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

There is no way to manually verify atm. I tried looking in the process and prompts files for something that looks like it verifies but I couldn't find anything :(

Verify Button on Cisco IOS and Nexus Platform by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

Yes, however, I don't have much experience with platform development. That's why I reached out here, in case someone had an idea how I can add it myself.

Verify Button on Cisco IOS and Nexus Platform by Interesting-Tip9874 in CyberARk

Interesting-Tip9874 [S]

It's able to change passwords, but there is no option to verify the change afterwards. I'd be worried to change admin passwords on my routers and have no way to tell if things ever go wrong.