Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Password Capture Agent Administration Guide

The One Identity Manager Password Capture Agent Managing the Password Capture Agent Fine-tuning automated password synchronization The Password Capture Agent Windows PowerShell module Event log for the Password Capture Agent Customizing security for the Password Capture Agent service Achieving high availability for the web service with Windows Network Load Balancing Installing the Password Capture Agent with MSIEXEC Certificate lookup options Known error codes

Advanced scenarios and more examples

With the Password Capture Agent Windows PowerShell module, there are many ways to install Password Capture Agent on your domain controllers. Use the built-in Windows PowerShell help to find more examples of usage:

Get-Help Get-PasswordCaptureAgentServiceConfig -Full

Get-Help Set-PasswordCaptureAgentServiceConfig -Full

Get-Help Install-PasswordCaptureAgent -Full

Get-Help Uninstall-PasswordCaptureAgent -Full

Event log for the Password Capture Agent

You can read the Password Capture Agent log in the event viewer, in the Applications and Services Logs folder. It shows you details of hints, warnings, and errors if they occur.

  • Level

  • Date and time

  • Source

  • Event ID

  • Track category

In addition, you will find information about the configuration summary on every startup process.

Example:

Configuration summary:

  • This DLL: "C:\WINDOWS\system32\PCA_Driver.DLL"

  • File Version: "1.0.1.9"

  • DLL File Version: "1.0.1.9"

  • Used log in event log: "One Identity Manager Password Capture Agent", with source name: Driver

  • Configuration key: "HKEY_LOCAL_Machine\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Driver"

  • Diagnostic mode: No

  • Deactivate on start: No

  • Retry on error after seconds: 120

  • Storage time of pending captures in days: 7

  • Log file: "<no log file specified>"

  • Domain name for accounts: "democorp"

  • Companion service: "One Identity Manager Password Capture Agent” has successfully initialized

  • Number of unfinished captures in queue: 0

  • Driver initialization completed.

Customizing security for the Password Capture Agent service

You can limit the scope of users and groups that are permitted to configure the Password Capture Agent service using built-in Windows techniques.

Use the COM+ Management Console to specify permissions for the SetConfigParameter task under Component Services\Computers\My Computer\COM+ Applications\One Identity Manager Password Capture Agent\Components\PCA.Com_Class\Interfaces\COM_Interface\Methods.

Achieving high availability for the web service with Windows Network Load Balancing

This appendix describes how to achieve high availability for the web service using the Network Load Balancing service.

The Network Load Balancing cluster requires a dedicated IP address and fully qualified domain name. This should be set up before installing the cluster. The fully qualified domain name will be used later to access the web service. This means that every host needs a certificate that is valid for the chosen fully qualified domain name and is trusted by each domain controller.

Hosts in a Network Load Balancing cluster require at least two network interface cards. The first network interface card should be for general communication and maintenance and the second network interface card should be dedicated to Network Load Balancing traffic.

To allow high availability in a Network Load Balancing cluster, you need multiple hosts installed and configured with the web service. These hosts should be dedicated to that task. Installing Network Load Balancing on domain controllers is not supported.

Example: Settings in this lab with network interface card (NIC) and fully qualified domain name (FQDN)

Host1

Web01.democorp.com (Windows Server 2012 R2)

NIC1: 192.168.0.20

NIC2: 192.168.0.200 (STATIC)

Host2

Web02.democorp.com (Windows Server 2012 R2)

NIC1: 192.168.0.21

NIC2: 192.168.0.201 (STATIC)

Network Load Balancing Cluster:

FQDN: ServiceCluster.democorp.com

IP: 192.168.0.50

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating