Quantcast
Channel: Support Portal
Viewing all 1872 articles
Browse latest View live

Re : Resource import - filtered by IU not working

October 9, 2015, 4:25 am
$
0
0

PMP called me and explained how to do this properly ( and yes I should have backed up the DB before attempting a BIG import from AD - hey everybody is entitled to one bad day at the office ).

The solution is to ignore the OUs to import box altogether and click Import (yup don't fill in any details other than the account to use to discover the resources ) you'll then be able to pick an OU from a list. Not entirely intuitive.  It seems typing anything in the OU box is likely to pull in everything it can!

https://clan8blog.wordpress.com/

Search

Automated import of resources

October 9, 2015, 8:55 am
$
0
0

Is there a way to automate the importing of resources from Active Directory?


Ideally we'd like to have PMP reach out to our AD on a scheduled basis and pull in any resources in a select OU. 

Account targetted bulk reset

October 9, 2015, 10:42 am
$
0
0

I am trying to configure resets for one administrator account that we have on all of our servers without effecting any other potential local administrator accounts.


For example:  we have an admin account called admin1 on all of our servers.  I know I can create a resource group that will contain all systems containing the user admin1.  But doing this if there is another local administrator account, admin2 for example, on the box it will also show up under the systems.  So a bulk reset would hit both of these accounts.


Is there a way to only have a bulk reset target the admin1 account without effecting the other local admin accounts?

Re : Password Manager Pro - pmp_key.key

October 12, 2015, 6:49 am
$
0
0
Hi Linda,

Thanks for the forum post.
The account used by the Password Manager Pro service should have read access to the pmp_key.key in the remote server. More information about managing the encryption key is available in this link.

Feel free to write to us if you have any other questions.

Thanks & Regards,
Chris
[Technical Consultant | Password Manager Pro]

Re : Limit password access to resource groups by user group

October 12, 2015, 6:54 am
$
0
0
Hi,

Thanks for the post.
Password Manager Pro is build based on Ownership concept. So if you add some passwords into PMP, by default it will not be displayed to another user in PMP(Not even to other admins). So as the owner for these passwords, you will decide which user should have access to which passwords. Based on your exact requirements, you will be able to share the passwords to other users with correct permission levels. More information about the sharing options are available here.

This is applicable at the resource group level as well. When a resource group is create it will not be visible to any other user/ user group including admins of the tool. The owner of the resource group should decide and share the group based on the requirements. So, when the normal users login they can see only the resource groups which are shared to them.

Feel free to write to us if you have any other questions.

Thanks & Regards,
Chris
[Technical Consultant | Password Manager Pro]

Re : Password Special Characters

October 12, 2015, 7:02 am
$
0
0
Hi Ross / Lee.

Thanks for the forum post.
PMP supports UTF-8 encoding so it is possible to add passwords with any type of special characters. But, these are for the passwords and other information stored inside PMP. When it comes to password policy, t he special characters used by the password generator in PMP are  @ $ - % & ( ) * = ^ . so based on your requirements you can exclude other characters by adding them in "Characters not allowed" in password policy.

Feel free to write to us if you have any other questions.

Thanks & Regards,
Chris
[Technical Consultant | Password Manager Pro]

Bulk Configure Resource Fields

October 13, 2015, 1:54 pm
$
0
0
Is there any way to modify the contents of a field such as 'Location' for a whole group of resources?

Re : Account targetted bulk reset

October 14, 2015, 5:42 am
$
0
0
Hi,

Thanks for the forum post.
You will be able to reset or update the passwords in a bulk by creating a Criteria based group in PMP. For instance, lets say you have 10 Windows resource with 10 Admin1 and Admin2 accounts and you wish to reset only the Admin1 account Passwords on all these 10 Windows Resource having the other Admin2 account untouched. Navigate to Resource -- Resource Groups -- Add Group and select Criteria Based group. Specify a criteria stating Resource Type  --  Contains = Windows  (+) User Account -- Equals = Admin1, this will group the 10 Admin1 accounts as one group. You can then click on the change Password button to update the password in bulk or also you can use the schedule button to Automate the password resets periodically.

Let us know if you have any further questions.

Password Manager Pro Team
Email: passwordmanagerpro-support@manageengine.com
Password Manager Pro - Enterprise Password Management Software
Search

Re : Account targetted bulk reset

October 14, 2015, 5:47 am
$
0
0

Hello,


I have tried this per your suggestion and it is still pulling in the guest accounts and other local accounts.

Re : Account targetted bulk reset

October 14, 2015, 5:55 am
$
0
0
Hi David,

Specifying a correct criteria will definitely not add other accounts to the group. The Criteria Group result should be seen from the reports(report button present next to the Resource groups under the Resource groups section) or from the criteria search when you create the group and not in the Resources tab/Home tab by filtering out the created Criteria Group from "Show Resources of Column". This will display both accounts part of the Resource.
Password Manager Pro Team
Email: passwordmanagerpro-support@manageengine.com
Password Manager Pro - Enterprise Password Management Software

Re : Services to Monitor

October 14, 2015, 1:58 pm
$
0
0
Hi Linda,

Thanks for the forum post.
You can monitor the Password Manager Pro in the sevices.msc. Both, the web server and the database will be started and stopped suing the Password Manager Pro service. The web server listens on the port 7272 or 443 and the database listens on the port 2345 so you can monitor these ports as well.

Feel free to write to us if you have any other questions.

Thanks & Regards,
Chris
[Technical Consultant | Password Manager Pro]


Re : Account targetted bulk reset

October 16, 2015, 7:31 am
$
0
0

Dvanwart - I assume you have noticed that when you do an auto import of a resource it adds all local accounts to the resource when you only want specific accounts to be pulled in. I have the same problem and have suggested they provide more granular control on the import.

The solution Christus is suggesting is a work around.  You can't stop it pulling in the other local accounts like guest etc. even if they are disable don the server.  What you can do is create a dynamic resource group that contains the server and only the accountnames you specify. 

Confusingly looking in the resource tab and filtering on the resource group you still see all the other accounts.  BUT do the same on the Home tab and only the account names you specified will display.  Setup automated password reset and only the account names in the group will be reset and whilst the guest and other accounts it automatically discovered will show in the resource tab the password reset will only work on the account names you define in the dynamic group.

Create a criteria like this







This is how it looks in the resource tab you can see all the auto discovered accounts - but I only want superuser














On the home tab which is where most people will be working from you only see the superuser account.











Then you can schedule password resets on the resource group and it will only change the accounts you added to the query










https://clan8blog.wordpress.com/

Re : Bulk Configure Resource Fields

October 16, 2015, 7:40 am
$
0
0

You need to check with the vendor but it is possible using an SQL query and I have posted a solution else where in this forum.  You cannot search the tables for a resource name as they encrypt it.  But if you have other criteria you can use, like the DNS Name or the IP address, then you can construct a query to update multiple row.

first construct a query to display the rows you are interested in, e.g.

Select * from [PassTrix] . [dbo] . [Ptrx_Resource] where RESOURCEDESC like '%Resource imported from domain : %' and IPADDRESS like 'LON%'

If this shows what you need then you can update like this

UPDATE [PassTrix] . [dbo] . [Ptrx_Resource]

SET [LOCATION] = 'London'

, [RESOURCEDESC] = 'London Workstation'

-- ,[PORT]=3389
-- ,[SSHPORT]=22
-- ,DOMAINNAME='MYDOMAINNAME'

DEPARTMENT = 'Service Desk'

where RESOURCEDESC like '%Resource imported from domain : %' and IPADDRESS like 'LON%'


NOTE: MAKE A BACKUP BEFORE DOING THIS!


https://clan8blog.wordpress.com/

Re : Password Manager Pro - pmp_key.key

October 16, 2015, 7:43 am
$
0
0

I'm thinking of securing this key using EFS.  Logon as the service account.  Encrypt the key and then logoff.  This way no one can copy off the key as it's encrypted.  They could back it up but when they restore it they will not have the encryption key so will not be able to unencrypt it.  In an emergency the key can be restored using the kyescrow account.

Has anyone tried this?

https://clan8blog.wordpress.com/

Re : Automated import of resources

October 16, 2015, 7:51 am
$
0
0

If you have the enterprise version yes you can do this - but the documentation on line is out of date.  They added a new button on the resource tab called Discover Resources








You can limit to a group or an OU - BUT don't do what I did and enter an OU in the box saying OU.  Leave the boxes blank and click import.  Then you will get an AD tree structure displayed.  You can select the required OU from the tree.



https://clan8blog.wordpress.com/

Search

Sharing Management of resources

October 16, 2015, 8:07 am
$
0
0

I'm trying to deploy PMP in my environment to manage all passwords.  I've come across a slight problem.  I've spent quite a while figuring out how to import resources, group resources using resource groups and sharing the resource groups do various teams. 

Now I want to hand over this responsibility to the support teams - I work in an engineering department and I won't actually be using this tool at all I've just been tasked with working out how best to use it. 

It looks good but now when I want to hand it over I realise that the view I just built can't be shared unless I make all administrators super administrators.

The scenario I need to provide is support team A has 5 people in it.  lets call them A1 to A5. All five are in a usergroup called TeamA 

A1 logs on and adds a resource - lets say a windowsdomain resource and adds a bunch of service accounts.  A1 then creates another resource this time Windows and adds a bunch of local accounts.  A1 then creates a resource group and adds the 2 resources to it - using a query.  A1 shares the resource group to usergroup TeamA.

A2 logs on and in the Home tab he can see all resources A1 created. He can filter it on the resource group too. Great!

A2 now wants to add a resource to the windowsdomain - he clicks on the resource tab and ....... Nothing.  No resources are shown.  A2 cannot add a resource to the resources A1 created because he can only view them.  He can add a resource and if the dynamic criteria of the resource group A1 set up is met by the resource A2 created everyone in the usergroup can see it on the home tab.  

When A1 logs back in he can see all resources shared to him - via the user group and this includes the resource A2 added BUT he cannot see the resource A2 added on the resource tab he cannot add to it or manage it.

When a resource group is shared I want for everyone in TeamA to be able to see and edit the accounts in that resource. 

Am I missing something here? 

https://clan8blog.wordpress.com/

Scheduled task not updated and cannot be discovered when it is using a local account

October 20, 2015, 2:40 am
$
0
0

Some of our servers have scheduled tasks running as the local admin password.

I've added the server as a resource and I've added the local admin account as an account and verified that the password is in sync.

If I select the account and click "scheduled task" PMP checks if any scheduled tasks are running using the account.  it says there are no tasks running.

There is a task scheduled on the server

but when I reset the local admin password the scheduled task is not updated and fails.

Am I doing something wrong?  I've done the same test for a domain account and it works fine.  Just not for local accounts. 


https://clan8blog.wordpress.com/

PostgresSQL server failing to start after updating keystore in server.xml with new certificate

October 20, 2015, 6:15 pm
$
0
0
I installed PMP on a fresh Windows 2012 R2 server.  During configuration, I was confused by the "installed as a service" references in the documentation and was concerned that I had not installed it properly.  So I uninstalled it and tried to reinstall it.  The uninstall process had not deleted the original install folder. I tried to delete the folder but it was in use.  I suspected the postgressql database but didn't check for certain.  After rebooting I was able to install PMP again.  I'm not sure if that is causing the issue or not, but since the issue is with postgressql I thought I'd mention it.

I have configured the PMP windows service to run as a domain account (it's not clear in the documentation how to do this - but I need it running as a domain account so that it can access the share I want to put the key file that is supposed to be stored remotely).  I gave it local administrative rights (no indication that this is needed, but since it would need "write" rights to a number of folders and likely the postgressql database, I gave it local admin).  Again - not sure if that is related, but thought I would mention it.

I could successfully browse to the localhost:7272 port, and remotely. I was getting the certificate error so I decided to generate one with keytool, which I then signed with my enterprise CA.  I installed this certificate in the keystore and configured it to work in server.xml.  After restarting the PMP service, I was unable to browse to the PMP web page. I took a look in the wrapper.log file and found an error stating that "Trying to start PostgresSQL server failed".  After rebooting, PostgresSQL server came back up.  I suspected that this was okay as I will almost never need to change the keystore or XML file, so an occasional reboot is nothing to panic over.

After browsing to the web page via the netbios name, I got certificate errors, but it did work with the FQDN.  I then decided that i needed a new certificate that had both the FQDN and the netbios name; subject alternative DNS names.

I created this second certificate using the exact same process, with no problems at all.  After configuring the server.xml file again, I had to reboot the server again - postgresSQL was not starting.  However, NOW postgresSQL is no longer starting after the reboot.  Going into the various log files, I've noticed a few events that MIGHT be related:

pmp0.txt mentions a file that does not exist.  The error occurs MANY times, going back a day - prior even to updating the certificate for the first time).  Below are the last entries in the file, I rebooted it at 17:35 and got no more errors in this log (but the issue still remains):
[17:09:46:013]|[10-20-2015]|[com.adventnet.passtrix.client.util.ClientUtil]|[INFO]|[75]:  getSlaveHost - conf file does not exists ..\pgsql\bin\Primary.conf|
[17:12:24:940]|[10-20-2015]|[com.adventnet.passtrix.service.PassTrixService]|[INFO]|[18]: Entering PassTrixService StopService |

The serverout0.txt log file appears to have more information:
[17:34:54:645]|[10-20-2015]|[com.adventnet.mfw.Server]|[INFO]|[17]: Creating new Server instance|
[17:34:55:554]|[10-20-2015]|[com.adventnet.persistence.ConfigurationParser]|[INFO]|[17]: Processing D:\ManageEngine\PMP\bin\..\conf\product-config.xml|
[17:34:55:554]|[10-20-2015]|[com.adventnet.persistence.ConfigurationParser]|[INFO]|[17]: Processing D:\ManageEngine\PMP\bin\..\conf\customer-config.xml|
[17:34:56:071]|[10-20-2015]|[com.zoho.net.handshake.HandShakeServer]|[INFO]|[19]: Starting HandShakeServer...|
[17:34:56:086]|[10-20-2015]|[com.zoho.net.handshake.HandShakeServer]|[INFO]|[19]: Writing HandShakeServer port [49617] in .lock file|
[17:34:56:086]|[10-20-2015]|[com.zoho.net.handshake.HandShakeServer]|[INFO]|[19]: HandShakeServer listening port :: 49617|
[17:34:56:086]|[10-20-2015]|[com.zoho.net.handshake.HandShakeServer]|[INFO]|[19]: Waiting for client connection...|
[17:34:56:180]|[10-20-2015]|[com.zoho.net.handshake.HandShakeUtil]|[INFO]|[17]: Started HandShakeServer successfully.|
[17:34:56:305]|[10-20-2015]|[com.adventnet.persistence.ConfigurationParser]|[INFO]|[17]: Processing D:\ManageEngine\PMP\bin\..\conf\product-config.xml|
[17:34:56:305]|[10-20-2015]|[com.adventnet.persistence.ConfigurationParser]|[INFO]|[17]: Processing D:\ManageEngine\PMP\bin\..\conf\customer-config.xml|
[17:34:58:227]|[10-20-2015]|[com.zoho.framework.utils.crypto.EnDecrypt]|[SEVERE]|[17]: Encryption failed|
[17:34:58:383]|[10-20-2015]|[com.adventnet.persistence.PersistenceInitializer]|[INFO]|[17]: Reading ./../conf/database_params.conf |
[17:34:58:383]|[10-20-2015]|[com.zoho.framework.utils.crypto.EnDecrypt]|[SEVERE]|[17]: Encryption failed|
[17:34:58:602]|[10-20-2015]|[com.adventnet.ds.DefaultDataSourcePlugIn]|[INFO]|[17]: ConnectionPoolParams :: minSize :: [20], maxSize :: [1], idleTimeout :: [1,800 seconds], blockingTimeout :: [30 seconds]|
[17:34:58:899]|[10-20-2015]|[com.adventnet.ds.DefaultDataSourcePlugIn]|[INFO]|[17]: DataSourceorg.jboss.resource.adapter.jdbc.WrapperDataSource@1ba3a5a|
[17:34:58:993]|[10-20-2015]|[com.adventnet.persistence.PersistenceInitializer]|[INFO]|[17]: Archive Adapter class ::: com.adventnet.db.archive.DefaultArchiveAdapter|
[17:34:58:993]|[10-20-2015]|[com.adventnet.persistence.PersistenceInitializer]|[INFO]|[17]: Storage Adapter class ::: null|
[17:34:59:024]|[10-20-2015]|[com.adventnet.db.api.RelationalAPI]|[SEVERE]|[17]: haltjvm.on.dbcrash is set to [true]|
[17:34:59:024]|[10-20-2015]|[com.adventnet.db.adapter.Jdbc20DBAdapter]|[INFO]|[17]: shutDownStrings :: []|
[17:34:59:024]|[10-20-2015]|[com.adventnet.persistence.PersistenceInitializer]|[SEVERE]|[17]: DBCrashHandler [com.adventnet.passtrix.PMPDBCrashHandler] has been set to RelationalAPI.|



I also get this appearing constantly (appears to be a heartbeat check or something):

[17:38:50:869]|[10-20-2015]|[com.adventnet.db.adapter.postgres.DefaultPostgresDBInitializer]|[INFO]|[17]: pg_isready returning status :: 2|
[17:38:50:869]|[10-20-2015]|[com.adventnet.db.adapter.postgres.DefaultPostgresDBInitializer]|[INFO]|[17]: isServerRunning :: false|
[17:38:51:874]|[10-20-2015]|[com.adventnet.db.adapter.postgres.DefaultPostgresDBInitializer]|[INFO]|[17]: Command to be executed [D:\ManageEngine\PMP\bin\..\pgsql\bin\pg_isready.exe, --host, localhost, --port, 2345, --username, postgres] |
[17:38:52:748]|[10-20-2015]|[SYSOUT]|[INFO]|[274]: localhost:2345 - no response|



I'm not really sure where to go from here? One thing that I have noticed is that the GUI start / stop service options do not behave well with User Account Control.  I cannot start the service from the tray icon, as I get an "Access Denied error", and this also happens if I try to run from the start menu.  If I run it from the start menu as administrator then the service will start, but the tray icon will incorrectly state that it has not started.  Trying to start the service again I get a message stating "Unable to start to PMP server.  REASON: An instance of the service is already running". 


The critical issue is that postgresSQL isn't starting and I'm not sure why?  What can I try, or have I done something wrong?  Many thanks!

Re : PostgresSQL server failing to start after updating keystore in server.xml with new certificate

October 21, 2015, 4:13 pm
$
0
0
Hi -

I managed to fix this on my own :)

I jumped into the postgressql logs and found some errors along the lines of "no entry for ::1 for postgres in [some hba config file]".  I uncommented the line for IPv6 in this config file and now it works.  So it appears that the cause was totally unrelated to what I thought; it's just that the OS can talk to itself either on IPv4 or IPv6, and the times that it queried postgres on IPv4 it worked, whereas querying postgres on IPv6 failed.

I'll post the exact steps after I've returned to the office tomorrow.

Problems after migration

October 27, 2015, 8:10 am
$
0
0

hi,

We have PMP on old W2003 server.

I have migrated it to new W2012 server(MySQL db is local on that server) by using your instructions and bat file.

After installation-under services-I could start/stop  services, but under desktop icon the system shows me-ManageEngine Password Pro-stopped. And if I start/stop it-it shows the same.

Web-console is working.

What should we do? what to check?

Thank you


Viewing all 1872 articles
Browse latest View live
Search