
Safeguard Privilege Manager for Windows 4.5 - Administration Guide


Troubleshooting

This section provides workaround information for issues you may encounter during installation.

Server configuration gets stuck

On rare occasions, server configuration gets stuck when installing prerequisites (CLR Types and Shared Management Objects).

Figure 1: Stuck prerequisite installation during server configuration

Workaround

  1. In Windows, open Control Panel > Programs > Programs and Features.

  2. Check if the CLR Types and Shared Management Objects dependencies are installed.

    • If both dependencies are installed, restart the computer, and run server configuration again.

    • If any of these dependencies are not installed, check if their installers are available in the following location:

      %ProgramData%\One Identity\Safeguard Privilege Manager for Windows\Downloads

      If the installers are available in the specified location, install them manually from there, then restart the computer, and run server configuration again.

    • If any of the dependency installers are missing from the above location, install them manually as described in the Offline installation section of the Safeguard Privilege Manager for Windows Administration Guide.
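
The checks in steps 1 and 2 can also be run from an elevated PowerShell prompt. The script below is an added example, not part of the product or the original guide. The display-name wildcard patterns are assumptions, and the signature column is an extra check on the cached installers before you run them manually.

```powershell
# Added example (read-only): reports whether the two prerequisites are installed
# and which installers are cached. The display-name patterns are assumptions;
# adjust them to the names shown in Programs and Features.
$patterns = [ordered]@{
    'CLR Types'                 = '*CLR Types*'
    'Shared Management Objects' = '*Management Objects*'
}

# Programs and Features reads these uninstall keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

$report = foreach ($name in $patterns.Keys) {
    $hits = @($installed | Where-Object { $_.DisplayName -like $patterns[$name] })
    [pscustomobject]@{
        Dependency = $name
        Installed  = $hits.Count -gt 0
        Found      = ($hits.DisplayName | Sort-Object -Unique) -join '; '
    }
}
$report | Format-Table -AutoSize

# Installer cache named in the workaround.
$downloads = Join-Path $env:ProgramData 'One Identity\Safeguard Privilege Manager for Windows\Downloads'
if (Test-Path -LiteralPath $downloads) {
    Get-ChildItem -LiteralPath $downloads -File |
        Select-Object Name, Length,
            @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } } |
        Format-Table -AutoSize
} else {
    Write-Warning "Installer cache not found: $downloads"
}
```

A Signature value other than Valid on a cached installer is a reason to obtain the package again through the Offline installation procedure instead of running the cached copy.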

Error code 2356

If you encounter error code 2356 during installation, or the server configuration gets stuck while installing the prerequisites (CLR Types and Shared Management Objects), the Windows Installer service can end up in an incorrect state.

Workaround

  1. Close any in-progress installation.

  2. Open the Windows Task Manager.

  3. Search for the Windows Installer service under the Services tab (msiserver).

  4. Stop the service.

  5. Run the installer/process again.

Potential startup delay on Windows 10

If Data Collection is enabled, Safeguard Privilege Manager for Windows may start up with a delay on Windows 10 workstations, stuck on a please wait... screen for an extended period of time. This can occur if the workstation cannot resolve the DNS name of the configured Data Collection server.

Workaround

To solve the issue, replace the configured Data Collection server name with the IP address of the Data Collection server.

SQL Server 2014 Express installation fails

Occasionally, Safeguard Privilege Manager for Windows may fail to install SQL Server 2014 Express.

Workaround

  1. If possible, use a remote database instead of a local SQL Server installation.

  2. If using a remote database is not feasible, try to install SQL Server 2014 manually.

  3. If the issue still persists, contact our Support Team. Make sure you provide the SQL Server 2014 installation logs for One Identity Support from the following location:

    %ProgramFiles%\Microsoft SQL Server\120\SetupBootstrap\Log

Match rule failure for certain processes

If a process is running from a Universal Naming Convention (UNC) path or a mapped drive, rules that specify the file version, file hash, product code, or publisher might fail to match the process. This can happen if the security permissions set on the network resource prevent the computer account under which the Safeguard Privilege Manager for Windows Client is running from accessing it.

Workaround

In the Edit Rule Wizard, set User’s context will be used to resolve system and resource access for the rule. This setting allows the Safeguard Privilege Manager for Windows Client to access the network resource under the security context of the user running the process.

Configuring Client data collection


Available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.

Run the Client Data Collection Settings Wizard so that you can compile reports, support discovery, and launch on-demand features.

Using the Client Data Collection Settings Wizard

Client data collection settings only apply on computers running a Client.

Before configuring Client data collection settings, you must configure a Server on your domain. For more information, see Configuring the Server.

To use the Client Data Collection Settings Wizard to set up, modify, or discard settings:

  1. Open the wizard by completing one of the following steps:

    • Open the Client Data Collection Settings Wizard from the Setup Tasks section. It will always show the default settings.

    • On the Advanced Policy Settings tab of the target GPO, double-click Client Data Collection Settings. The changes made within the wizard are saved here.

  2. Enable the Client Data Collection Settings on the State tab.

    • Choose Enabled, to ensure the settings apply to the selected GPO.

    • Choose Not Configured, to enable child GPOs to inherit settings from their parent.

  3. Define the Server on the Settings tab. This Server receives data from the Clients of the target GPO.

  4. Click Browse to locate a Server through Active Directory.

  5. Use the Test button to verify the selected Server's connection to the ScriptLogic PA Reporting Service. If the test fails, check to see if there are network or firewall problems.

  6. Click the Clear the server name link if you want to configure another Server. The displayed service remains installed.

    NOTE: To prevent data transfer issues between the Server and linked Clients, check that the port you have selected is open for incoming connections on the Server. Port 8003 is the default port for Server installation.

  7. Use the Advanced Settings on the Settings tab to set these data transfer parameters:

    • Maximum Sleep Time (in seconds) sets the stagger time period within which every Client sends its data to the data collection service. This value is set to 60 seconds by default.

    • Send Retries defines the number of retries that are made if an attempt to connect to the web service fails. This number is set to 1 by default.

    • Network Timeout (in seconds) sets how many seconds a Client should wait to stop sending data if it does not reach the target. This value is set to 600 seconds by default.

    • Maximum Records Per Transaction indicates how many portions of cached data the Client sends. This value is set to 0 by default, which indicates an unlimited number. To reduce the load on the Server side, you can increase the value to 1 or 2. This may be useful on large networks where each client computer generates many records and a Client may not be able to connect to the data collection service because it is too busy processing data collection transactions.

  8. Click Next to use Validation Logic to target the settings to specific client computers or user accounts within the GPO, or click Finish to save your settings and quit.
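
The DNS resolution problem described under "Potential startup delay on Windows 10" and the open-port requirement in the NOTE above can both be checked from a client workstation. The function below is an added example, not part of the product or the original guide. The function name, server name, and IP address are hypothetical placeholders; port 8003 is the default stated in this guide.

```powershell
function Test-DataCollectionServer {
    param(
        [Parameter(Mandatory)][string]$Server,  # name or IP configured in the wizard
        [int]$Port = 8003                        # default Server port per this guide
    )

    # Time the lookup with the system resolver; a slow or failed lookup
    # matches the startup-delay symptom.
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try   { $addresses = @([System.Net.Dns]::GetHostAddresses($Server)) }
    catch { $addresses = @() }
    $timer.Stop()

    # Only attempt the TCP connection when the name resolved.
    $tcpOk = $false
    if ($addresses.Count -gt 0) {
        $tcpOk = (Test-NetConnection -ComputerName $Server -Port $Port `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
    }

    [pscustomobject]@{
        Server        = $Server
        Resolved      = $addresses.Count -gt 0
        Addresses     = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ', '
        LookupSeconds = [math]::Round($timer.Elapsed.TotalSeconds, 2)
        Port          = $Port
        TcpReachable  = $tcpOk
    }
}

# Constructed placeholder values; substitute your own server name and its IP address.
Test-DataCollectionServer -Server 'pmserver.example.local'
Test-DataCollectionServer -Server '192.0.2.10'
```

If the name fails to resolve or resolves slowly while the IP address is reachable on the port, the client matches the condition the DNS workaround addresses.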

If an error message indicates that the target GPO is not selected:

  1. Click OK to close the message window.

  2. Open the GPO tab and select the desired GPO.

  3. Click Save on the GPO toolbar to save the new settings.

    Adjust the parameters that Clients use to send their data to the ScriptLogic PA Reporting data collection web service to your specific needs. The web service supports collecting data from a significant number of Clients running concurrently.

Configuring Instant Elevation


Available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.

To grant on-demand administrative privileges to a group of trusted users and audit their actions, use the Instant Elevation Wizard.

NOTE: In some cases, Instant Elevation and Blacklisting rules could be configured for the same target application. In this case, Blacklisting takes precedence over Instant Elevation and prevents the application from starting. For more information about creating Blacklisting rules, see Using the Create Rule Wizard.
