Chat now with support
Chat with Support

One Identity Management Console for Unix 2.5.3 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Information does not display in the console

If you are expecting to see information for a host that the mangement console is not showing, perhaps you have not selected to view those columns.

Use the Columns menu in the View panel of the task bar to display information related to either Privilege Manager or Authentication Services in the mangement console.

To display the One Identity product-related information

  1. Open the Columns menu and choose either Privilege Manager or Authentication Services or both.

    By choosing Privilege Manager, the Privilege Manager-related columns display in the mangement console; that is, the Installed, Version and Status columns. By choosing Authentication Services, the Authentication Services-related columns display in the mangement console; that is, the Authentication Services state column, represented with the icon, the Version, and Joined to Domain columns.

Note: All columns show by default. Once you have opened (or closed) a column group, the mangement console remembers the setting from session to session. However, if you reinstall Management Console for Unix, it reverts back to the default of showing all columns.

License information in report is not accurate

The pmloadcheck daemon runs on each configured policy server to verify its status. It controls load balancing and failover for connections made from the host to the configured policy servers, and, on secondary servers, it sends license data to the primary server.

The Product License Usage report is only accurate up to the last synchronization interval which by default runs every 60 minutes.

Note: The Product License Usage report does not include trial license information.

Out of memory error

If you see java.lang.OutOfMemoryError in the logs then may need to adjust your JVM memory allocation. See JVM memory tuning suggestions for details.

Post install configuration fails on Unix or Mac

If you installed Management Console for Unix on a Unix or Linux computer that has Authentication Services installed and is joined to an Active Directory domain and encountered the following error message when running the post installation configuration of the mangement console: "Can't find domain controller for <domain>", verify your installation configuration.

To verify the installation configuration

  1. Verify that DNS is valid and that the server can connect to the domain.
  2. Verify that you are configured for a domain in the same forest to which you are joined.

    Note: If the computer is not joined to a domain, you could have configured the mangement console for any domain reachable by DNS.

  3. If you have Authentication Services installed, verify that the host.keytab file is valid by running the following command without error:
    /opt/quest/bin/vastool -u host/ -k <path_to_keytab> info id

    Note: Typically, the host.keytab file is located at: /etc/opt/quest/vas/host.keytab.

  4. If you recently joined or rejoined and there are multiple domain controllers in the domain, wait for the computer object to be replicated to all domain controllers in the forest.
  5. Verify that the clocks for the Management Console for Unix server and the Active Directory domain controller are synchronized.

    Kerberos requires that the Management Console for Unix server and Active Directory domain controller clocks are within five minutes of each other.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating