Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Using the cloud Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

Cannot connect to remote machine through SSH or RDP

If you are unable to connect to a remote machine either through SSH or RDP, log in to the Safeguard for Privileged Passwords desktop client as an Appliance Administrator and check the Activity Center and logs for additional information.

If you are using the embedded sessions module, you may also check:

  • Ensure that the Network Interface X1 is configured correctly (Administrative Tools | Settings | Appliance | Networking). If one or more Safeguard Sessions Appliances are joined to Safeguard for Privileged Passwords, X1 is not available in Safeguard for Privileged Passwords.
  • Ensure that you have installed the Privileged Sessions module license. (Administrative Tools | Settings | Appliance | Licensing).

Cannot delete account

If you are unable to delete an account, review the considerations below.

Wrong account name:

As an Asset Administrator, you may receive this error if you attempt to delete an account : This entity has access requests which have not yet expired or have to be reviewed. It cannot be deleted now. This error could indicate that Safeguard for Privileged Passwords is trying to change the password on an account that does not exist on the asset.

One reason for this error message is that the wrong account name was used when adding the account to Safeguard. So now when someone requests the password for this account, Safeguard displays the password that was manually set. However, when the requester attempts to log in to the asset using the bad account and password, it will fail. If the access request policy specified Change password after check-in, the above error message appears when the administrator tries to delete the account from Safeguard for Privileged Passwords.

Workaround: To delete the account with the misspelled name, first manually set the password on the account. Once the account password is reset, Safeguard for Privileged Passwords will allow you to delete the account.

Cannot play session message

If you receive a message that says Cannot play session... The specified executable is not a valid application for this OS platform, you are most likely attempting to run the Desktop Player on a 32-bit platform, which is not supported.

Domain user denied access to Safeguard for Privileged Passwords

If you add a directory user who has the User must change password at next logon option enabled in Active Directory, Safeguard for Privileged Passwords prevents that user from logging in. There are two ways to allow the directory user to log in to Safeguard for Privileged Passwords successfully:

  • Have the directory user use his domain account to log in to an asset joined to Active Directory. When prompted he can change his password. This fulfills the User must change password at next logon requirement.

    -OR-

  • Have the domain administrator disable the option in Active Directory for the directory user.
Related Documents