1. Password Rotation Failures
Issue: Password rotation fails for managed accounts.
Troubleshooting:
• Check if the target system is reachable from the vault server (network/firewall issues).
• Ensure that the account being used for password rotation has the correct privileges on the target system.
• Verify that the platform configuration is correct (e.g., SSH, RDP settings).
• Check the logs in PVWA for detailed error messages and use CyberArk Password Vault Web Access (PVWA) to diagnose rotation issues.
2. Connectivity Issues between Vault and Target Systems
• Issue: Inability to connect to target systems or devices.
• Troubleshooting:
• Verify that all network ports are properly opened between the CyberArk components (Vault, PVWA, CPM) and the target systems.
• Ensure the DNS configuration is correct so the target systems can be resolved by their FQDN.
• Test basic connectivity using tools like ping, telnet, or ssh to confirm communication.
• Check the vault logs for communication issues or timeout errors.
3. Session Recording Not Working
• Issue: Privileged Session Manager (PSM) not recording sessions.
• Troubleshooting:
• Confirm that PSM is properly installed and configured on the server.
• Check the session recording path to ensure it has enough disk space.
• Verify that the PSM connector is correctly defined for the specific target system (e.g., RDP, SSH).
• Review the PSM logs for any errors related to recording or access failures.
4. Authentication Failures (PVWA, Vault Access)
• Issue: Users are unable to authenticate via the PVWA or access the vault.
• Troubleshooting:
• Ensure that the user account is not locked or disabled in the vault.
• Verify that the user has the appropriate permissions in CyberArk’s vault policy and Active Directory (AD) if SSO is used.
• Check if Multi-Factor Authentication (MFA) is enabled and whether there are issues with MFA tokens.
• Check the IIS settings on the PVWA server for any web authentication issues.
• Review PVWA logs for detailed error messages.
5. Account Discovery Issues
• Issue: CyberArk fails to discover all privileged accounts within a network or system.
• Troubleshooting:
• Ensure that the Account Discovery tool has the necessary network access and permissions to scan the systems.
• Verify the credentials used by Account Discovery have sufficient privileges to access remote systems.
• Check for firewall restrictions or access control that may prevent successful scanning
Comments