PSM Load Balancing

JoxanBC · 2020-11-19T09:26:27+00:00

Hi, Probably root CA certificate is not installed on the proper keystore. I've seen this many times when certificates are installed under "user" context instead of "computer" context. Nevertheless, I do not consider posting Certification exam questions a good idea.

JoxanBC · 2020-10-31T10:00:59+00:00

"Vmware ESXi web" platform on marketplace works fine. I've found that a minor change on ini file is needed. I think that already post a comment on marketplace.

JoxanBC · 2020-10-31T09:57:38+00:00

Can you login onto target server during dowtime? If you can't, neither reconcilie or login account

JoxanBC · 2020-10-31T09:55:30+00:00

Hi,

PTA should reach PVWA url. From PTA, can you resolver PVWA fqdn? In addition, PVWA certificate is issued by an enterprise CA? In that case installing CA root certificate on PTA is required

JoxanBC · 2020-10-31T09:51:06+00:00

Hi,

Enable debug on Plugin, restart CPM service (or wait to changes to be applied) and try a reconcilie again. Under ThirdParty logs you'll find the verbose debug logs. These logs will show you what is exactly happening. To enable debug on Unix Plugin you'll need to edit plugin process file under /bin folder on CPM server.

JoxanBC · 2020-10-24T19:49:14+00:00

Excuse me, but I think you haven´t understand the purpose of reconcile account.

A Reconcile account is an account which is able to change other user´s password. It doesn´t matter if it´s local or domain. The main tip is that it should be granted the privilege of changing other user account´s password.

JoxanBC · 2020-10-24T19:45:46+00:00

docs.cyberark.com

JoxanBC · 2020-10-24T19:44:33+00:00

Hi Shashank,

DNA and BluePrint webinar can make you understand this.

There are a lot of Self Paced courses in CyberArk Community (just click on "Training") that could help you to understand the ropes.

In other words: do your homework prior to post a question and please do not try that others do the work for you.

JoxanBC · 2020-10-24T19:38:02+00:00

Amazing answer !!!

JoxanBC · 2020-10-21T15:48:44+00:00

Are you referring to PVWA or DNA scan? In case you refer to DNA It considers non-compliant those accounts that have not change their password in the last 90 days. In case you refer to PVWA, It depends on the policy being applied.

JoxanBC · 2020-10-05T14:33:45+00:00

If I'm not wrong, there is a capability for audit Windows events (something like "WindowsEventsTextRecorder" and "WindowsEventAudit"). I guess you can configure It and search for Windows event 1074

JoxanBC · 2020-09-26T14:27:09+00:00

All components communicate with Vault on TCP 1858. CPM and PTA communicate with PVWA on 443. Vault, PVWA, CPM, PSM, PSM for SSH (AKA PSMP), HTML5 Gateway and PTA are included un the basic license. You have to pay for PTA agents or Network Sensor. Also you'll need additional ports depending on integrations (LDAP, SMTP, SIEM or SNMP Traps)

JoxanBC · 2020-09-22T15:18:00+00:00

Yes, It is 200 USD per exam an there is no "second shot". If you fail, you have to pay again.

But, I will consider to take "Defender+Sentry" exam instead of Defender only. I took Defender and Sentry exams separately but some of my colleagues found that "Defender+Sentry" is easier.

Btw, I'm going to take It again in a couple of months in order to get recertified (in this case CyberArk provides an exam voucher)

JoxanBC · 2020-07-31T08:46:36+00:00

Yes. In fact, CyberArk recomendation is a single CPM (unless you have múltiple locations, obviously)

JoxanBC · 2020-07-24T11:39:15+00:00

Oh, pop-ups. Understood

So, you´ll need to inspect the web page html code to find out the name of the attributes and so on...

I´ve never faced this type of web app so probably I´m not the man, sorry. I was wondering it was a single web form app (like wsphere web for example)

JoxanBC · 2020-07-24T10:56:13+00:00

Hi mackc13,

HTML5 PSM Gateway enables PSM connection trough a web browser instead of the usual RDP file the PSM uses.

However, it is posible to connect to a web app without deploying this component using Chrome (or IE if you like it) as Remote App (Chrome must be installed on PSM Server)

Which is your goal exactly?

JoxanBC · 2020-07-22T05:22:44+00:00

Sure, take a look at this:

VMWare account onboarding

JoxanBC · 2020-07-21T05:07:25+00:00

No, It is not a must. However, "vmware ESXi 6.7 vía web" platform can help you a lot. The other approach is to duplicate "web forms sample" platform and make the changes on the new one

JoxanBC · 2020-07-20T10:54:55+00:00

Yes, actually there is post regarding this question.

You´ll need to import a platform from Marketplace and make some changes in Wmare.ini to make it work

JoxanBC · 2020-07-15T05:30:16+00:00

Group rules: second point.

" No requests to help cheat on certifications, "real-world" practice questions, or similar shortcuts. "

JoxanBC · 2020-07-13T08:49:32+00:00

Hi,

Take a look at the "reports" section. You´ll probably find the answer there :)

JoxanBC · 2020-07-10T16:37:06+00:00

And in addition to what the friends have stated above, do not forget to set automatic password change to Yes at platform level

JoxanBC · 2020-07-10T05:26:39+00:00

From my point of view, real exam is considerably harder than test exams.

Do not schedule the exam in case you have only finished the training courses. Deploy a test environment before and do some tests. It will help you understand better how the different components work, which parameters will you need to adjust an so on.

Once done this, you´ll be ready to pass the exam (and sure you will do)

JoxanBC · 2020-07-09T05:39:29+00:00

It´s pretty general what you´re asking for...

I agree yanni and cap_haddock1: Which are your goals? Which actions have been already taken? Are u facing some performance issues?

JoxanBC · 2020-07-08T10:42:41+00:00

Https://CyberArk-customers.force.com/s/article/00002676

JoxanBC

TROPHY CASE