Advanced scenarios and more examples
With the Password Capture Agent Windows PowerShell module, there are many ways to install Password Capture Agent on your domain controllers. Use the built-in Windows PowerShell help to find more examples of usage:
Get-Help Get-PasswordCaptureAgentServiceConfig -Full
Get-Help Set-PasswordCaptureAgentServiceConfig -Full
Get-Help Install-PasswordCaptureAgent -Full
Get-Help Uninstall-PasswordCaptureAgent -Full
Event log for the Password Capture Agent
You can read the Password Capture Agent log in the Event Viewer, in the Applications and Services Logs folder. It shows the following details of hints, warnings, and errors if they occur:
- Level
- Date and time
- Source
- Event ID
- Track category
In addition, a configuration summary is written to the log on every startup.
Example
Configuration summary:
- This DLL: “C:\WINDOWS\system32\PCA_Driver.DLL”
- File Version: “1.0.1.9”
- DLL File Version: “1.0.1.9”
- Used log in event log: “One Identity Manager Password Capture Agent”, with source name: ‘Driver’
- Configuration key: “HKEY_LOCAL_Machine\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Driver”
- Diagnostic mode: No
- Deactivate on start: No
- Retry on error after seconds: 120
- Storage time of pending captures in days: 7
- Log file: “<no log file specified>”
- Domain name for accounts: “democorp”
- Companion service: “One Identity Manager Password Capture Agent” has successfully initialized
- Number of unfinished captures in queue: 0
- Driver initialization completed.
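The summary can be parsed and compared against a baseline to spot configuration drift on a domain controller. The following is an added example, not part of the product or its documentation. The function names, the baseline (taken from the example values above) and the sample message are assumptions, as is the premise that the logged message text follows the layout shown.

```powershell
# Added example, not vendor code: report settings in a Password Capture Agent
# configuration summary that differ from a baseline.
# Assumption: baseline values are the ones shown in the example summary above.
$Baseline = [ordered]@{
    'Diagnostic mode'                        = 'No'
    'Deactivate on start'                    = 'No'
    'Log file'                               = '<no log file specified>'
    'Number of unfinished captures in queue' = '0'
}

function ConvertFrom-PcaConfigSummary {
    param([Parameter(Mandatory)][string]$Message)
    # Straight and typographic quote characters that may wrap a value
    $quotes = [char[]]@(0x22, 0x27, 0x201C, 0x201D, 0x2018, 0x2019)
    $cfg = [ordered]@{}
    foreach ($line in ($Message -split '\r?\n')) {
        # "- Key: value"; the first ": " ends the key, so "C:\..." paths stay intact
        if ($line -match '^\s*-\s*(?<key>[^:]+):\s+(?<value>.+)$') {
            $cfg[$Matches['key'].Trim()] = $Matches['value'].Trim().Trim($quotes)
        }
    }
    $cfg
}

function Compare-PcaConfigToBaseline {
    param([Parameter(Mandatory)][string]$Message)
    $cfg = ConvertFrom-PcaConfigSummary -Message $Message
    foreach ($key in $Baseline.Keys) {
        $actual = if ($cfg.Contains($key)) { $cfg[$key] } else { '<missing from summary>' }
        if ($actual -ne $Baseline[$key]) {
            [pscustomobject]@{ Setting = $key; Expected = $Baseline[$key]; Actual = $actual }
        }
    }
}

# Constructed sample message (not captured from a real system), same layout as above
$sample = @'
Configuration summary:
- This DLL: "C:\WINDOWS\system32\PCA_Driver.DLL"
- Diagnostic mode: Yes
- Deactivate on start: No
- Log file: "<no log file specified>"
- Number of unfinished captures in queue: 3
- Driver initialization completed.
'@
Compare-PcaConfigToBaseline -Message $sample | Format-Table -AutoSize

# Live use (log and source names as reported in the summary above):
# Get-WinEvent -FilterHashtable @{ LogName = 'One Identity Manager Password Capture Agent'; ProviderName = 'Driver' } |
#   Where-Object Message -like '*Configuration summary*' | Select-Object -First 1 |
#   ForEach-Object { Compare-PcaConfigToBaseline -Message $_.Message }
```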
Customizing security for the Password Capture Agent service
You can limit the scope of users and groups that are permitted to configure the Password Capture Agent service using built-in Windows techniques.
Use the COM+ Management Console to specify permissions for the SetConfigParameter task under Component Services\Computers\My Computer\COM+ Applications\One Identity Manager Password Capture Agent\Components\PCA.Com_Class\Interfaces\COM_Interface\Methods.
Achieving high availability for the web service with Windows Network Load Balancing
This appendix describes how to achieve high availability for the web service using the Network Load Balancing service.
The Network Load Balancing cluster requires a dedicated IP address and fully qualified domain name. This should be set up before installing the cluster. The fully qualified domain name will be used later to access the web service. This means that every host needs a certificate that is valid for the chosen fully qualified domain name and is trusted by each domain controller.
Hosts in a Network Load Balancing cluster require at least two network interface cards. The first network interface card should be for general communication and maintenance and the second network interface card should be dedicated to Network Load Balancing traffic.
To allow high availability in a Network Load Balancing cluster, you need multiple hosts installed and configured with the web service. These hosts should be dedicated to that task. Installing Network Load Balancing on domain controllers is not supported.
Example settings in this lab with network interface card (NIC) and fully qualified domain name (FQDN):
Host1
Web01.democorp.com (Windows Server 2012 R2)
NIC1: 192.168.0.20
NIC2: 192.168.0.200 (STATIC)
Host2
Web02.democorp.com (Windows Server 2012 R2)
NIC1: 192.168.0.21
NIC2: 192.168.0.201 (STATIC)
Network Load Balancing Cluster:
FQDN: ServiceCluster.democorp.com
IP: 192.168.0.50