Scribd
Upload
1K views11 pages

Real Time Errors and Solutions

This document provides solutions to various errors encountered when connecting to servers and applications using CyberArk. The solutions include checking for locked user accounts, verifying port configurations and openings, selecting the correct SSH protocol version, ensuring user account status in Active Directory, and refreshing credentials for the PSMP application in the CyberArk vault.

Uploaded by

Mohan C
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1K views11 pages

Real Time Errors and Solutions

This document provides solutions to various errors encountered when connecting to servers and applications using CyberArk. The solutions include checking for locked user accounts, verifying port configurations and openings, selecting the correct SSH protocol version, ensuring user account status in Active Directory, and refreshing credentials for the PSMP application in the CyberArk vault.

Uploaded by

Mohan C
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 11

1.

Authentication Failure for UNIX server


Issue: When the user tries to connect to UNIX servers below error getting

Password verification and reconciliation will work without any issue


Solution: Check the user account is locked in the server user is trying to connect, after 5
failed attempts user account will be locked, unlock the account and try connecting again.

2.TNS : No listener
Issue: Connections not going via SQL Plus and TOAD. Getting below error

Solution: Check the port number and also verify the port is opened from PSM servers
Find the below screen prints
Flow open is OK

Flow open is OK
3.PSMP Error – SSH Protocol version 1
Error: User not able to connect server via PSMP, getting below error

Solution: In Putty Protocol 1 was selected which was causing the issue

Select the SSH protocol version 2 and try the connection.


4.PSMRD001E Code: 516
Error: Getting below error while connecting to server via windows domain account
Password verification and reconciliation will work without any issue

Solution: Check the RDP port (3389) is opened from the PSM or not.
Do the telnet from PSM Telnet targetaddress portnumber

5.RDP Error
Error: Getting below error while connecting to server via windows domain account

Solution: Check the user is added to required security groups in Active Directory.
6.RDP Error
Error: Getting below error while connecting from Windows domain account

Solution: The user account is currently disabled and cannot be used, contact Active
Directory team and enable the account

7.RDP Error
Error: Getting below error while connecting from Windows domain account

Solution: The user account is expired in Active Directory.

8.RDP Error
Error: Getting below error while connecting from Windows domain account
Solution: The user must change your password before logging on the first time. Ask user to
connect (without CyberArk) and login via given credentials then change the password.
Finally, same password can be updated in CyberArk

9.PSMP Error
Error: Getting authentication failure while logging in with the Vault internal user
PSMP String: Administrator@[email protected]@192.168.110.159

ITALOG error message

Solution:
● Log onto the Password Vault Web Access as a user with permission to configure
platforms.
● Click ADMINISTRATION, then in the System Configuration page click Options; the
Web Access Options are displayed.
● Expand Privileged Session Management, then General Settings, and then Server
Settings.
● Select SSH Proxy Settings; the SSH Proxy Settings properties are displayed.
● In Authentication Method, specify the authentication method that the Vault will use
to authentication PSM for SSH users. Specify one of the following valid values:
Default
● Wait for one or two minutes then try connecting.
10.PSMP Error
Error: Getting below error while connecting from PSMP but it works fine with PSM

Solution: Login into PSMP server and check the service status

We see here PSMP and AD Bridge services in stopped status, Start the services and check
the connectivity.

11.PSMP Error
Error: Getting below error while connecting from PSMP but it works fine with PSM

Solution: Login into PSMP server and check the service status
We can see here PSMP service failed to start.
Now check the PSMPConsole.log file for more details
Log Folder Location: /var/opt/CARKpsmp/logs/
[root@psmp logs]# cd /var/opt/CARKpsmp/logs/
[root@psmp logs]# cat PSMPConsole.log
[20/08/2020 | 18:05:16] :: | PSMPAP100E Failed to connect the PSM SSH Proxy to the Vault
(Error: ITATS004E Authentication failure for User PSMPApp_PSMP. , Diagnostic Info: 1)
[20/08/2020 | 18:05:16] :: | PSMPPS033I Initializing PSP controller
[20/08/2020 | 18:05:16] | :: | PSMPPS037E PSM SSH Proxy has been terminated.
(Diagnostic information: 062E Failed to get new Privileged Session Manager gateway
session. Error: ITATS004E Authentication failure for User PSMPGW_PSMP. ., -1)
ITALog error

From the log file we can that PSMPApp and PSMPGw user credentials out of sync with Vault
We need to recreate the credential files now
Login to Vault via PrivateArk client and select the PSMPApp user and PSMPGw user set the
password then if the accounts are suspeneded then activate the
Now Login to PSMP and reset the PSMPApp and PSMPGw passwords
cd /opt/CARKpsmp/bin
[root@psmp bin]# cd /opt/CARKpsmp/bin
[root@psmp bin]# ls
createcredfile envmanager icudt58l.dat PSMPHardening.sh psmpserver psshkeys
psshkeys_runner.sh
[root@psmp bin]# ./createcredfile /etc/opt/CARKpsmp/vault/psmpappuser.cred
Vault Username [PSMPApp_PSMP] ==>
Vault Password (will be encrypted in credential file) ==> xxxxxxxxxx
Hit enter till you get “Command ended successfully”
[root@psmp bin]# ./createcredfile /etc/opt/CARKpsmp/vault/psmpgwuser.cred
Vault Username [PSMPGW_PSMP] ==>
Vault Password (will be encrypted in credential file) ==> xxxxxxxxxx
Hit enter till you get “Command ended successfully”
[root@psmp bin]# service psmpsrv start
Starting PSM SSH Proxy...
PSM SSH Proxy was started successfully.
PSMP ADBridge is already running.
[root@psmp bin]# service psmpsrv status
PSM SSH Proxy is running.
PSMP ADBridge is running.

Now test the connectivity.

12.PVWA – Account locked


Error : Not able to connect getting the below error message
Reason: ITATS362E You cannot lock object YWRhZG1pbg==, object is already
locked by Administrator

Solution : Login to Vault via PrivateArk client then go to SAFE PVWAPrivateUserPreferences


open the SAFE then find the locked object and unlock.
Inform the user to refresh the PVWA and try connecting

You might also like