Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.4 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Test Connection failures

The most common causes of failure in SPP are either connectivity issues between the appliance and the managed system, or problems with service accounts.For more information, see Connectivity failures.

Disabling User Account Control (UAC) Admin Approval Mode on a remote host can also resolve Test Connection failures. For more information, see Change password or SSH key fails.

If you have entered values for Specify Domain Controllers and if SPP does not find a domain controller in the list, the test connection fails and an error is returned.

The following topics explain some possible reasons that Test Connection could fail.

Test Connection failures on archive server

There could multiple reasons why you receive an Unexpected copying error... when attempting to run Test Connection on an existing archive server.

When you run Test Connection, SPP adds a file named Safeguard_Test_Connection.txt to the Storage Path location of the archive server owned by the Account Name you entered when you created the archive server. To run Test Connection on an existing archive server with a new account name, you must first delete the existing Safeguard_Test_Connection.txt file.

Certificate issue

If you are experiencing Test Connection failures for an asset that uses SSL, these are some possible causes:

Cipher support

Both the SPP client and the SSH server must support the same cipher. If you run Test Connection against an asset that uses SSH and there is no cipher supported by both the client and the server, SPP displays an error message that says, Connecting to asset XXXXXXXXXXXXXXXXXX failed (There is no cipher supported by both: client and server). This means that during the setup of the asset connection, the SPP client and the SSH server did not have matching ciphers for message encryption. In this case, you must modify the SSH server's configuration by adding at least one cipher supported by SPP to the list of ciphers.

SPP supports these ciphers:

  • 3des
  • 3des-ctr
  • aes128
  • aes128-ctr
  • aes192
  • aes192-ctr
  • aes256
  • aes256-ctr
  • arcfour
  • arcfour128
  • arcfour256
  • blowfish
  • blowfish-ctr
  • cast128
  • cast128-ctr
  • des
  • idea
  • idea-ctr
  • none
  • serpent128
  • serpent128-ctr
  • serpent192
  • serpent192-ctr
  • serpent256
  • serpent256-ctr
  • twofish128
  • twofish128-ctr
  • twofish192
  • twofish192-ctr
  • twofish256
  • twofish256-ctr

For example, if using an OpenSSH server with a default list of ciphers, you must add one or more of these ciphers in the OpenSSH's sshd_config file, and then restart the SSH server. For more information about OpenSSH ciphers, see http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5?query=sshd_config&sec=5.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating