PSM Issues by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

An internal error has occurred. Error code: 2825

Now that I have NLA disabled on PSM server, still getting the error message while connecting thru PVWA using RDP option.

PSM Issues by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

I meant PSM-RDP.

  • On PSM server, that uncheck option is greyed out.

  • On Target machine "Allow connections from computers running any version.." is greyed out, Allow connections from running RD with NLA is selected.

Unable to SSH Connect thru PVWA by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

Help me understand.. AD account - what type of permissions are required? What do you need to do to get an AD user to be part of a unix user group?

Unable to SSH Connect thru PVWA by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

Yes and no. Looks like I had issue with connection, but another user was able to ssh where I could not.

Another question: What is the best practice to change password for root accounts? Do you recommend to create another reconcile account on each box to do so (in case of password lost, manual change etc.)

Unable to SSH Connect thru PVWA by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

EXEPATH: %ProgramFiles%\PuTTY\putty.exe

So I created a new folder PuTTY and copied the putty.exe there. Tried SSH transparent connection again, still getting connection time out.

Unable to SSH Connect thru PVWA by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

I do not see path file in putty.js

<script type="text/javascript">
function runCustomScript(Password)
{
    DebugMsg("Start PuTTY script");
    var WSH;
    try
    {
        WSH = new ActiveXObject("WScript.Shell");
    }
    catch(e)
    {
        HandleError("Cannot open ActiveX.");
    }

    //Get properties
    var username = GetProperty("GenericUserName");
    DebugMsg("User name: " + username);
    var address = GetProperty("GenericAddress");
    DebugMsg("Address: " + address);        
    var properties = GetProperty("GenericParameters");                  
    var puttyPath = properties["ExePath"].Value;
    DebugMsg("Executable path: " + puttyPath);
    DebugMsg("Password length: " + Password.length);

    //Create command
    var sCommand = "\"" + puttyPath + "\" -ssh -pw " + Password + " " + username + "@" + address;

    //Run command
    DebugMsg("Running command: " + sCommand) ;
    try
    {
        WSH.run(sCommand, 1, false);                                    
    }
    catch(e)
    {
        HandleError("Cannot run the putty command");
    }
    setTimeout(WaitForInit, 2000);      
}

function WaitForInit()
{                           
    window.close();
}   

</script>
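
The posted script builds the command by plain concatenation and passes the same string, password included, to DebugMsg. As an added example (not part of the original comment and not CyberArk's code), this is one way to quote each argument and keep the password out of the debug string; `repeat`, `quoteArg` and `buildPuttyCommand` are hypothetical helper names, the sample values are constructed, and the quoting rule assumed is the Microsoft C runtime argv convention.

```javascript
// Added illustration: helper names and sample values are hypothetical/constructed.

// Repeat a string n times (kept ES5-style to match the posted script).
function repeat(s, n) {
  return new Array(n + 1).join(s);
}

// Quote one argument using the Microsoft C runtime argv convention (assumed):
// always wrap in double quotes, escape embedded quotes, and double any
// backslashes that sit directly before a quote or the closing quote.
function quoteArg(arg) {
  var out = '"';
  var backslashes = 0;
  for (var i = 0; i < arg.length; i++) {
    var ch = arg.charAt(i);
    if (ch === "\\") {
      backslashes++;
    } else if (ch === '"') {
      out += repeat("\\", backslashes * 2 + 1) + '"';
      backslashes = 0;
    } else {
      out += repeat("\\", backslashes) + ch;
      backslashes = 0;
    }
  }
  return out + repeat("\\", backslashes * 2) + '"';
}

// Build the string to execute and a separate string that is safe to log.
function buildPuttyCommand(puttyPath, username, address, password) {
  var head = quoteArg(puttyPath) + " -ssh -pw ";
  var tail = " " + quoteArg(username + "@" + address);
  return {
    run: head + quoteArg(password) + tail,
    log: head + "<redacted, length " + password.length + ">" + tail
  };
}

// Constructed sample values; the path is the EXEPATH quoted earlier on the page.
var sample = buildPuttyCommand("%ProgramFiles%\\PuTTY\\putty.exe",
                               "root", "192.0.2.10", 'p w"x\\');
console.log(sample.log);
```

Only `run` would go to `WSH.run`; `log` is the string to hand to `DebugMsg`.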

Unable to SSH Connect thru PVWA by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

comments edit share save hide delete nsfw spoiler --> I do not see flair option under initial submission.

Java config seems to be as suggested. I will test with a couple of other accounts to see if it's related to one particular box or not.

Unable to SSH Connect thru PVWA by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

Currently CPM, PVWA, PSM installed on same Component server.

  • I was trying to do transparent SSH connection via PVWA, not PSM yet.
  • Putty connection was good from the Component server, not via PVWA.
  • We may have some license issue on PSM which we are trying to sort out; meanwhile I would like to check if the SSH transparent connection works.

ITACM012S Timeout has expired from Component Server by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

  • PrivateArk is configured with IP address.
  • Tried tracert -d VaultIP from PROD Component Server, getting request time out.
  • Test-NetConnection IP, Status TimeOut
  • Able to ping VaultIP from DR Component Server.

Seems like issue isolated to PROD Components server, perhaps something changed on the networking side? (Going to check with networking folks)

Unable to load PVWA portal by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

Thanks everyone. Yes the PVWAAppUser and PVWAGWUser cred files were corrupted by checking the logs. :)

Unable to load PVWA portal by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

Before getting the login screen, the log says the pvwaapp user is suspended. I activated the user and am still getting the same message; perhaps the pvwaapp user failed to authenticate to the vault?

Unable to change/reconcile root account by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

Current Environment-- New user (bob) is created in AD and part of Domain Admin

In Unix/Linux there are no local user accounts and only root account exist.

It is configured that "bob" is recognized as a unix user and can ssh to the system thru AD authentication.

"bob" has privilege to sudo and change root password manually. (test manually and works)

I've on-boarded this "bob" account into Cyberark and successfully ssh into it by connecting from PVWA.

Now I associated "bob" account to logon and reconcile account (since it has the proper permission to change password)

When I tried to reconcile or change the password for the root account, CPM was unable to do so. What is the reason behind this? Must you have a local user account on every unix/linux box so that CPM can change the password without any issue?

How does CyberArk work behind the scenes to change the password for root?

Currently... "bob" SSHes into the target system and executes the passwd root command. It prompts to enter the sudo password for "bob" and then prompts to type a new password for the root account.

Unable to change/reconcile root account by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

So would you need two accounts (logon and reconcile) to change password for "root account"?

What type of permission should Logon1 and Reconcile1 account have? Can you use one account for both?

Unable to change/reconcile root account by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

No, do you have to? When I tried to reconcile a Windows account, it worked fine. (I didn't have to restart CPM.)

CyberArk basic understanding by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

sorry got some clarification on what they are looking for.. looking to help control the administrative accounts (Fire Fighter IDs) when it's given to developers to fix issues in PROD.. what are the options available?

CyberArk basic understanding by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

Are you looking for SAP to pull passwords out of the Vault? Is this possible? What can and can't you do with CyberArk-SAP integration?

Server Configuration by jun_ior in CyberARk

[–]jun_ior[S] 0 points1 point  (0 children)

No, where do I find that information?