Step 2: Configure Windows Network Load Balancing
This step shows you how to configure the Network Load Balancing process. This task will be executed on one of the hosts that should be clustered for Network Load Balancing. These settings require you to have administrative privileges on the selected hosts.
To configure Network Load Balancing (manually)
- Start Network Load Balancing Manager.
- In the menu Cluster, click on New.
- Perform the following tasks in the window "New Cluster: Connect".
  - Connect to your first host, e.g. web01.democorp.com, and click Connect.
  - In the list of network interfaces, select Ethernet 2, the interface with the IP address that is dedicated to Network Load Balancing and set to "static".
  - Click Next.
- In the window "New Cluster: Host Parameters", click Next.
- Perform the following tasks in the window "New Cluster: Cluster IP Addresses".
  - Click Add and enter the Cluster IP 192.168.0.50 with the matching subnet mask.
  - Click Next.
- Perform the following tasks in the window "New Cluster: Cluster Parameters".
  - Enter the Full Internet Name, e.g. ServiceCluster.democorp.com.
  - Click Next.
- Perform the following tasks in the window "New Cluster: Port Rules".
  - Select the existing rule and click Remove.
  - Click Add.
  - Perform the following tasks in the window "Add/Edit Port Rule".
    - Set the Port range to: From 443 To 443.
    - Select "TCP" as the protocol.
    - Set the Filtering Mode to "Multiple Host".
    - Set the Affinity to match your requirements or leave it at "Single" (*).
    - Click OK.
  - Click Finish.
(*) The affinity determines which back-end server a given client's connections are directed to. The web service is stateless, so any affinity setting will work.
To add additional hosts to the Network Load Balancing cluster
- Start Network Load Balancing Manager.
- In the menu Cluster, click on Connect to existing.
- In the window "Connect to Existing: Connect", enter the Cluster IP / FQDN and click Connect.
- In the Clusters list, select the Cluster and click Finish.
- In the tree view, select the cluster.
- In the menu Cluster, click on Add Host.
- Perform the following tasks in the window "Add Host to Cluster: Connect".
  - Connect to your next host, e.g. web02.democorp.com, and click Connect.
  - In the list of network interfaces, select Ethernet 2, the interface with the IP address that is dedicated to Network Load Balancing and set to "static".
  - Click Next.
- In the window "Add Host to Cluster: Host Parameters", click Next.
- In the window "Add Host to Cluster: Port Rules", click Finish.
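The same Step 2 procedure can be scripted with the NetworkLoadBalancingClusters PowerShell module instead of the NLB Manager GUI. The block below is an added example, not part of the original guide; it assumes the NLB feature is installed on every node, that it is run from an elevated session on web01, and it uses a placeholder subnet mask and a unicast operation mode because the guide states neither.

```powershell
# Added example: Step 2 (create cluster, port rule, add hosts) via PowerShell.
# Assumes: NLB feature installed on all nodes, elevated session, remote NLB
# administration reachable. Subnet mask and OperationMode are ASSUMPTIONS.
Import-Module NetworkLoadBalancingClusters

$ClusterFqdn  = 'ServiceCluster.democorp.com'   # Full Internet Name from the guide
$ClusterIp    = '192.168.0.50'                  # Cluster IP from the guide
$SubnetMask   = '255.255.255.0'                 # ASSUMPTION: guide only says "matching subnet mask"
$NlbInterface = 'Ethernet 2'                    # dedicated NLB NIC with a static IP
$FirstHost    = 'web01.democorp.com'
$OtherHosts   = @('web02.democorp.com')         # add further nodes here

# "New Cluster" wizard: create the cluster on the first host.
New-NlbCluster -HostName $FirstHost -InterfaceName $NlbInterface `
    -ClusterName $ClusterFqdn -ClusterPrimaryIP $ClusterIp -SubnetMask $SubnetMask `
    -OperationMode Unicast | Out-Null    # ASSUMPTION: operation mode not given in the guide

# "Port Rules": drop the default all-ports rule and allow only TCP/443,
# Multiple-host filtering with Single affinity (the web service is stateless).
Get-NlbClusterPortRule -HostName $FirstHost | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -HostName $FirstHost -Protocol Tcp -StartPort 443 -EndPort 443 `
    -Mode Multiple -Affinity Single | Out-Null

# "Add Host to Cluster" wizard: join the remaining hosts on their NLB interface.
foreach ($node in $OtherHosts) {
    Add-NlbClusterNode -HostName $FirstHost -NewNodeName $node `
        -NewNodeInterface $NlbInterface | Out-Null
}

# Review the result: every node should converge and only the TCP/443 rule should remain.
Get-NlbClusterNode -HostName $FirstHost | Format-Table Name, State, HostPriority
Get-NlbClusterPortRule -HostName $FirstHost |
    Format-Table StartPort, EndPort, Protocol, Mode, Affinity
```

Review the port-rule output before moving on to Step 3: a leftover default rule would expose every port on the cluster IP rather than only 443.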
Step 3: Configuration Validation
Before changing the configuration of the One Identity Manager Password Capture Agent, you must validate the configuration. After the previous steps, you should be able to access https://ServiceCluster.democorp.com and see the IIS welcome screen.
Step 4: Applying Password Capture Agent Web Service URL on the Password Capture Agent
To set the Password Capture Agent web service URL
- Start an elevated command line.
- Execute the following command to set the web service URL on the Password Capture Agent.
REG ADD "\\<COMPUTERNAME>\HKLM\Software\One Identity\One Identity Manager\Password Capture Agent" /v "WebService_URL" /t REG_SZ /d "https://ServiceCluster.democorp.com/SoapService/Q1IMService.asmx"
- Execute the following commands to restart the Password Capture Agent service.
sc \\<COMPUTERNAME> stop "Password Capture Agent"
sc \\<COMPUTERNAME> start "Password Capture Agent"
Troubleshooting
When accessing https://ServiceCluster.democorp.com I receive an invalid certificate error in my browser.
Since you are no longer accessing each host by its real host name, you must ensure that the SSL certificate was issued with a common name matching the cluster's fully qualified domain name, and that this fully qualified domain name is also listed in the certificate's Subject Alternative Name (SAN) field.
When accessing https://ServiceCluster.democorp.com Kerberos authentication fails.
Since you are accessing all servers in this cluster under the same fully qualified domain name, Kerberos authentication will fail. If NT LAN Manager (NTLM) has been disabled as a fallback, authentication will not work at all.