Use of Password Capture Agent

What version of OneIM are you using?

It is 8.1.4

Did you follow the installation guide? https://support.oneidentity.com/de-de/technical-documents/identity-manager/8.1.4/password-capture-agent-administration-guide

It could be that you configured the configuration parameter QER\Person\UseCentralPassword\PasswordCaptureAgent\Certificate to 0, so the system would assume that unencrypted messages would be sent from the PCA. This is not the default case, which is of course using encryption on the PCA end.

Hello

I have reinstalled the PCA in the DC's and I have putt the certificate for encrypt password. Now, the error that it give in the Appserver is:

2021-05-14 10:20:30.5459 ERROR (PasswordCaptureAgentScript ) : Exception while trying to decrypt and verify the password. Exception Message: [238] Error 238

Greetings.

Hello

I have reinstalled the PCA in the DC's and I have putt the certificate for encrypt password. Now, the error that it give in the Appserver is:

2021-05-14 10:20:30.5459 ERROR (PasswordCaptureAgentScript ) : Exception while trying to decrypt and verify the password. Exception Message: [238] Error 238

Greetings.

Is the certificate available and accessible on the Application Server for the user the Application Server is running with?

The certificate that we have used para encrypt the password is installed in the DC's, but the certificate is not installed in the Application Server. Is it necessary?

Yes, it is. Please check the documentation https://support.oneidentity.com/de-de/technical-documents/identity-manager/8.1.4/password-capture-agent-administration-guide

Hi,

I have installed the certificate in the Server where i have deployed the Application Server and I have added the read permissions to the certificate for the web service.

I have the same error:

2021-05-18 17:04:42.4166 ERROR (PasswordCaptureAgentScript ) : Exception while trying to decrypt and verify the password. Exception Message: [238] Error 238.

Did the application pool user of the Application Server has access to the private key of the certificate? Again, please check the documentation.

Hi,

Work fine!

I have modified the user of the Application Pools of IIS and I have putted "Network Service". In the log of App Server get:

2021-05-19 12:08:33.9592 INFO (PasswordCaptureAgentScript ) : Password changed without Error

Is it correct, Right? 

Greetings

Looks like it.