Symantec Privileged Access Management


Windows account names in the format of Domain\samaccountname don't synch with application type "Windows Proxy"

  • 1.  Windows account names in the format of Domain\samaccountname don't synch with application type "Windows Proxy"

    Posted Aug 12, 2020 10:16 AM
    Team,

    For the purposes of a web portal, I am required to vault an account in the format of domain\samAccountName
    ex Contosso\jdoe

    When the account is set up as an application type of "Active Directory", the password synchronizes OK with Active Directory.

    When the account is set up as an application type of 'Windows Remote', the following error message appears:
    Aug 12, 2020 1:59:53 PM com.ca.pam.rest.PAUtil generateExceptionFromAppCtx
    SEVERE: UpdateTargetAccountCmd.invoke Failed to synchronize password with target
    WindowsAgent: Error: 4662 : 1326-ERROR_LOGON_FAILURE
    WindowsAgent: Error: 4657 : 2221-NERR_UserNotFound
    Aug 12, 2020 2:02:31 PM com.cloakware.cspm.server.app.impl.UpdateTargetAccountCmd invoke
    SEVERE: UpdateTargetAccountCmd.invoke 4657: 2221-NERR_UserNotFound
    null

    How do I know which domain controller this failed on?


  • 2.  RE: Windows account names in the format of Domain\samaccountname don't synch with application type "Windows Proxy"

    Broadcom Employee
    Posted Aug 13, 2020 11:01 AM
    Chris,

    When troubleshooting, I will often change my device address to a specific domain controller (and in the case of an AD target application, make sure it's not configured to use DNS to locate one).

    This way I always know what domain controller to look at for logs.

    Hope that helps,

    Joe