• State Suggested Answer
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 2211 views
  • Users 0 members are here
Options
Related

can't change password for New discovered accounts

Mahmoud Emad
over 3 years ago

Hello,

kindly help for below error as change password and check password tasks couldn't be done successfully

Queuing task.
Starting task.
Looking up user information for ***.
Changing password for account ***.
Unable to log in to the asset using service account ***@*****.com
Saving task results.
Task completed with failure.

although connection with active directory succeeded  using the same service account.

  • 0 over 3 years ago

    Here are a few things to look at and try.

    I assume that the target asses is a domain member and not a stand alone system and that you can authenticate to it with a domain admin account. Also that the service account is not a member of domain admins.

    Does the connection test associated with the asset configured in safeguard to the asset pass?

    Is the target asses behind any firewall or have ACL's been set that may prevent Safeguard from reaching it? Check the admin guide for details of ports that need to be open.

    Have you modified your AD to allow the service account to have permissions to be able to reset password? If service account is not a member of domain admins then  you need to make changed to the protected groups to allow it to have the minimum permissions to manage passwords.

    Have you tried making the service account a member of domain admins and re-running your reset job to see if that works? This will tell ypu if you have a permission issue.

    Do you use this service account to manage password on other assets? Can this service account reset passwords on other assets? If it works compare configurations for both servers.

    Hope this helps

    Tim

  • 0 over 3 years ago in reply to tim westcott

    Hi Tim,

    thanks for your reply

    please note that service account is member of domain admins, so will check its function to reset active directory accounts and send the feedback soon.

    for Firewall potentials, i see connection to AD is well also account discovery running well. please explain which ports to be open for change and check password functions

  • 0 over 3 years ago in reply to Mahmoud Emad

    for firewall ports check out the admin guide appendix. "Safeguard Ports"This will give you a full list. It is appendix A on page 573 in the 6.0 LTS guide

    If service account is a member of domain admins at this stage you should not have a permission issue. Best practice would recommend that the permissions on this account be reduced in final configuration.

    Can you login to the target asset with the service account?

    Does the Safeguard connection test work without error? This would give an indication that Safeguard can reach the asset.

    Tim