A local account password or SSH key change can fail when you are using a Windows asset that is configured with a service account with Administrative privileges, other than the built-in Administrator.
NOTE: Before Safeguard for Privileged Passwords can change local account passwords on Windows systems, using a member of an administrators group other than built-in Administrator, you must change the local security policy to disable User Account Control (UAC) Admin Approval Mode (Run all administrators in Admin Approval Mode) option.
To configure Windows assets to change account passwords
-
Run secpol.msc from the Run dialog,
-OR-
From the Windows Start menu, open Local Security Policy.
- Navigate to Local Policies | Security Options.
- Disable the User Account Control: Run all administrators in Admin Approval Mode option.
- Restart your computer.
For more information, see Preparing Windows systems.
You must have the correct user name and password or SSH key to authenticate to an asset.
To resolve incorrect service account credentials
- Verify the service account credentials match the credentials in Safeguard for Privileged Passwords asset information (Asset Management | Assets | General Tab, Connection). For more information, see About service accounts.
- Perform Test Connection to verify connection. For more information, see About Test Connection.
- Attempt to check, change, and set password or SSH keys again. See:
If a Safeguard for Privileged Passwords asset requires an SSH host key and does not have one, Safeguard for Privileged Passwords will not be able to communicate with the asset. For more information, see Certificate issue.
To resolve missing SSH host keys
To verify that an asset has an SSH host key, select the asset and look under Connection on the General view. If there is no SSH Host Key Fingerprint displayed, you need to add one.
To add an SSH host key
- Open the asset's Connection tab.
-
Choose any authentication type (except None) and enter required information.
NOTE: You must enter the service account password or SSH key again.
-
Click Test Connection.
Test Connection verifies that the appliance can communicate with the asset.
-
Confirm that you accept the SSH host key.
NOTE: To bypass the SSH host key verification and automatically accept the key, click the Auto Accept SSH Host Key option.
- Click OK to save asset.
To resolve incorrect SSH host keys
Safeguard for Privileged Passwordsuses the following host key algorithms for key exchange:
Investigate the cause of the mismatch and then use Test Connection to resolve the mismatch.
If you receive an error message that says: There is no cipher supported by both: client and server, refer to Cipher support.