Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.10 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

No cipher supported error

If you receive an error message that says: There is no cipher supported by both: client and server, refer to Cipher support.

Service account has insufficient privileges

If you are having service account issues, consider the following:

  • Is the service account properly authorized to access the system? In a common setup, sudo is used to elevate the service account's privileges on the system.
  • Has the service account been locked out or disabled?
  • Is the service account configured to allow remote logon?

A service account needs sufficient permissions to edit the passwords of other accounts. For more information, see About service accounts.

To resolve incorrect or insufficient service account privileges

  1. Verify that the service account has sufficient permissions on the asset.
  2. Perform Test Connection to verify connection.
  3. Attempt to manually check, change, and set password or SSH key again on the account that failed.

If the asset is running a Windows operating system, a local account password or SSH key check, change, or set can fail when you are using an asset that is configured with a service account with Administrative privileges, other than the built-in Administrator.

Before Safeguard for Privileged Passwords can change local account passwords or SSH keys on Windows systems, using a service account that is a non-built-in administrator, you must change the local security policy to disable the Run all administrators in Admin Approval Mode option. For more information, see Change password or SSH key fails.

Cannot connect to remote machine through SSH or RDP

If you are unable to connect to a remote machine either through SSH or RDP, log in to the Safeguard for Privileged Passwords desktop client as an Appliance Administrator and check the Activity Center and logs for additional information.

Cannot delete account

If you are unable to delete an account, review the considerations below.

Wrong account name:

As an Asset Administrator, you may receive this error if you attempt to delete an account : This entity has access requests which have not yet expired or have to be reviewed. It cannot be deleted now. This error could indicate that Safeguard for Privileged Passwords is trying to change the password or SSH key on an account that does not exist on the asset.

One reason for this error message is that the wrong account name was used when adding the account to Safeguard. So now when someone requests the password or SSH key for this account, Safeguard displays the password or SSH key that was manually set. However, when the requester attempts to log in to the asset using the bad account and password or SSH key, it will fail. If the access request policy specified Change password after check-in, the above error message appears when the administrator tries to delete the account from Safeguard for Privileged Passwords.

Workaround: To delete the account with the misspelled name, first manually set the password or SSH key on the account. Once the account password is reset, Safeguard for Privileged Passwords will allow you to delete the account.

For more information, see: 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating