Symantec Privileged Access Management

  • 1.  CA Control Minder 12.8 Password Consumers

    Posted Feb 26, 2015 03:15 AM

    Trying to manage the service account of a Windows service on a Windows agentless endpoint. CA CM is able to successfully manage the password of the account, but the password consumer for the designated service is not able to replicate the password change for that service. I have tried the following possible scenarios for a solution:

    1. Installed the CA Control Minder endpoint agent on the respective endpoint and then tried to create a password consumer for the same service.

    2. Checked in the feature of restarting the designated service once the password gets changed.

    3. After changing the password through the ENTM console, tried to manually restart the service; it failed with a logon failure error.

    4. Re-installed the CA Control Minder agent to include installation of PUPM integration and then again created the password consumer.

    All of the above exercises were not able to produce any positive results. I am following the CA Control Minder guide to the word. Is there something I am missing? Can anyone please answer this question?



  • 2.  Re: CA Control Minder 12.8 Password Consumers

    Posted Mar 09, 2015 11:24 AM

    Can anyone help out with this query?

     

    Thank you

     

    shubham saurabh wrote:

     

    Trying to manage the service account of a Windows service on a Windows agentless endpoint. CA CM is able to successfully manage the password of the account, but the password consumer for the designated service is not able to replicate the password change for that service. I have tried the following possible scenarios for a solution:

    1. Installed the CA Control Minder endpoint agent on the respective endpoint and then tried to create a password consumer for the same service.

    2. Checked in the feature of restarting the designated service once the password gets changed.

    3. After changing the password through the ENTM console, tried to manually restart the service; it failed with a logon failure error.

    4. Re-installed the CA Control Minder agent to include installation of PUPM integration and then again created the password consumer.

    All of the above exercises were not able to produce any positive results. I am following the CA Control Minder guide to the word. Is there something I am missing? Can anyone please answer this question?



  • 3.  Re: CA Control Minder 12.8 Password Consumers

    Broadcom Employee
    Posted Mar 18, 2015 03:34 PM

    Hi Chris Stallone,

     

    From what you describe, it seems like the password was changed or locked by SAM/PUPM or else the service would have started up without a login failure. This is assuming that before your test you were able to restart the service without any problems.

     

    Does the endpoint use UAC? If so, can you test if disabling it makes a difference?

     

    Some OS versions and installation methods require additional configuration:

    Integrated HTML Documents

     

    Sometimes the JCS logs can be helpful:

    C:\Program Files\CA\AccessControlServer\Connector Server\logs\

     

    I would also check the OS Event logs for any events around the time of password checkout.

     

    Verify if the AD password complexity requirements match the ControlMinder's password requirements. Maybe ControlMinder is setting a password the OS isn't agreeing with.

     

     

    Regards,
    Gilbert Figueroa
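
The OS event-log check suggested in the reply above, as an added example that is not part of the original thread or of the product: it shows which account the service logs on as and lists Service Control Manager and logon-failure events around the time of the password change. The service name, change time and window are hypothetical placeholders; run it elevated on the endpoint.

```powershell
# Added example. $ServiceName, $ChangeTime and $WindowMinutes are placeholders
# to replace with the service bound to the password consumer and the time the
# password was changed from the console.
param(
    [string]$ServiceName = 'ExampleService',
    [datetime]$ChangeTime = (Get-Date).AddHours(-1),
    [int]$WindowMinutes = 15
)

$start = $ChangeTime.AddMinutes(-$WindowMinutes)
$end   = $ChangeTime.AddMinutes($WindowMinutes)

# 1. Confirm which account the service is configured to log on as.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this host." }
$svc | Select-Object Name, StartName, State, StartMode | Format-List

# Strip DOMAIN\ or @domain so the bare account name can be matched in messages.
$account = (($svc.StartName -split '\\')[-1] -split '@')[0]

# 2. System log, Service Control Manager:
#    7000 = service failed to start
#    7038 = service could not log on with the currently configured password
$scm = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'
    Id = 7000, 7038; StartTime = $start; EndTime = $end
} -ErrorAction SilentlyContinue

# 3. Security log (needs elevation):
#    4625 = failed logon, 4723/4724 = password change/reset attempt,
#    4740 = account locked out.
#    For a domain account, 4723/4724/4740 are recorded on the domain
#    controllers rather than on the endpoint.
$sec = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625, 4723, 4724, 4740
    StartTime = $start; EndTime = $end
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($account) }

# 4. One timeline, oldest first, with the first line of each message.
@($scm) + @($sec) | Where-Object { $_ } | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

A 7038 event shortly after a 4723/4724 entry for the same account indicates that the account password changed while the password stored in the service configuration did not, which matches the logon failure described in the question.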