If you receive a persistent message that says, "An internal request has timed out..." when you attempt to add an appliance to a cluster, ensure that the appliance is at the same version of Safeguard for Privileged Passwords as the primary. All members of a cluster must be the same.
If the system services do not update or restart after an automatic password change, first check your audit logs in the Activity Center.
|
Note: You can also check the Support Bundle logs. |
If the audit logs do not adequately explain the problem, then check the options on the Change password tab of the profile that governs the service account. For more information, see Creating a partition profile.
For service accounts that run system services or scheduled system tasks, verify the options on the profile's Change password tab that enable or disable automatic service update, or restart. You must update the Change Password Setting to change these options. For more information, see Change Password.
In addition to the monitoring tools in Safeguard for Privileged Passwords, you can use the monitoring and troubleshooting tools in Safeguard for Privileged Sessions (SPS) during the join process. Several SPS tools are described below.
If the join process fails for any reason, consult the system logs.
To view the Safeguard for Privileged Sessions logs, navigate to Basic Settings | Troubleshooting | View log files.
To show only the logs for the join process:
Use the buttons at the bottom of the dialog to perform the following tasks:
To increase the level of detail in the log, enable debug level logging at Basic Settings | Management | Debug logging | Enable debug logs.
When SPP and SPS report a successful join, but the connections don't work, view the SPS connection logs.
In Safeguard for Privileged Sessions, navigate to Basic Settings | Troubleshooting | View log files.
To show only the logs for the join process:
To change the verbosity level of SPS, complete the following steps in Safeguard for Privileged Sessions:
Select the desired log level from the Verbosity level field. The verbosity level ranges from 1 (no logging) to 10 (extremely detailed), with level 4 being the default normal level.
|
CAUTION: High verbosity levels generate a very large amount of log messages and might result in a very high load on the machine. Log levels set around 9 to 10, may result in logs with highly sensitive data, for example, passwords in plain text format. |
In addition to using Safeguard for Privileged PasswordsDiagnostics tools, you can use Safeguard for Privileged Sessions tools to test network issues. The following commands are available:
To execute one of the above commands, complete the following steps in Safeguard for Privileged Sessions:
If you have an issue which needs Support assistance, you may be asked to provide an SPS Support Bundle. To collect system-state information (also known as a debug bundle) in Safeguard for Privileged Sessions:
To collect information for a specific error, complete the following steps in Safeguard for Privileged Sessions :
Click Start.
|
NOTE: Starting debug mode increases the log level of SPS, and might cause performance problems if the system is under a high load. For troubleshooting purposes, the logs can contain highly sensitive data, for example, passwords and keys in plain text format. If you are concerned about the presence of sensitive data, check the collected log files before submitting them to the Support Portal. |
Reproduce the event that causes the error, for example connect to a server.
Click Stop.
Click Save debug bundle and save the created zip file. The name of the file uses the debug_info-<hostname>YYYYMMDDHHMM format.
SPS includes the configuration files of any plugins installed. Note that depending on the plugin, these configuration files can contain sensitive information, such as passwords or API keys. In this case, edit the plugin-related files in the plugins directory of the debug bundle and delete the sensitive information.
Attach the file to your support ticket.
For more information, see the One Identity Safeguard for Privileged Sessions Administration Guide. Use this link to view the latest documentation: https://support.oneidentity.com/one-identity-safeguard-for-privileged-sessions/download-tech-doc.
Common join error resolutions follow which may occur when joining Safeguard for Privileged Passwords (SPP) to Safeguard for Privileged Sessions (SPS).
ERROR: Request to https://192.0.2.123/RSTS/oauth2/token failed, response (HTTP 0):
Error: <urlopen error [Errno 113] No route to host>
ERROR: Request to https://192.0.2.123/RSTS/oauth2/token failed, response (HTTP 404):
b'<!DOCTYPE html><html...
{ "error": "invalid_request", "error_description": "Access denied.", "success": false }
ERROR: Request to https://192.0.2.123/service/core/v2/Cluster/SessionModules failed, response (HTTP 400):
{
"Message": "Failed to verify the given credentials and SSL certificate."
}
{ "Message": "The session connection has a missing, invalid, or non-unique value for Name." }
{ "Code": 60108, "Message": "Authorization is required for this request.", "InnerError": null }
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy