We are currently running 8.1.1 with an encrypted database. I am trying to setup a new job server with a service account instead of using the standard local system account. If I put the private key file into the local folder of viNetworkService.exe and run the service as the local system account, then the key is imported without an issue. However, when I stop the service and assign it to use the service account, I get the following error on startup:<r>2020-09-18 22:26:06 +02:00 - Serious: Error initializing service: [821000] Could not initialize One Identity Manager Service.; [821070] Error loading private keys.; [System.Security.Cryptography.CryptographicException] Key not valid for use in specified state.<x><e>2020-09-18 22:26:06 +02:00 - Error occurred in Job Service (thread: <Unknown>):[821049] Error starting One Identity Manager Service. [System.Exception] No job provider configured.<x><d> at VI.JobService.JobService._StartJobService()<x><w>2020-09-18 22:26:06 +02:00 - Warning: Error starting the service. Retrying after 00:01:30.<x>
If I put the private key file into the folder and restart the service, it get the following:<w>2020-09-18 22:24:17 +02:00 - Warning: Moving private key to the key container.<x><e>2020-09-18 22:24:18 +02:00 - Error occurred in Move private key (thread: <Unknown>):[System.Security.Cryptography.CryptographicException] Key not valid for use in specified state.<x><d> at VI.JobService.PrivateKeyHandler._ReadAndSecureKey(EncryptionScheme scheme, String path, String containerSuffix) at VI.Base.Implementation.WindowsRuntimeEnvironment.SaveToKeyContainer(String name, RSA rsa) at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)<x>
I've recreated the connection parameters in the Job Service Configurator for the service account, so I'm not understanding why it is unable to access the database and/or utilize the key. Is there a password store local to the job server that needs to get removed before I can switch the account running the service?
- Products
- View all products
- Free trials
- Privileged Access Management
- Overview
- PAM Essentials
- Safeguard
- Safeguard On Demand
- Safeguard for Privileged Analytics
- Safeguard for Privileged Passwords
- Safeguard for Privileged Sessions
- Safeguard Remote Access
-
Endpoint Privilege Management
- Privilege Manager for Windows
- Privilege Manager for Unix
- Safeguard Authentication Services
- Safeguard for Sudo
- Access Management
- Identity Governance and Administration
- Active Directory Management
- Log Management
- Solutions
- Resources
- Trials
- Support
- Partners
- Communities
