Verify/update local Windows account failed via Windows Proxy due to 53-ERROR_BAD_NETPATH and 1722-RPC_S_SERVER_UNAVAILABLE error


Article ID: 209959


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We tried to verify or update the password of a target local account on the target Endpoint via Windows Proxy in the PAM (Privileged Access Manager) Client, but both operations failed.

When verifying password we got the following error dialog:

PAM-CM-0759: Failed to verify password with target. If this problem persists then please ask your Administrator to investigate.

When updating password we got the following error dialog:

PAM-CM-3468: Error updating account credentials.

Here is the environment set up

We set the loglevel parameter to FINE in the Windows Proxy's cspm_agent\cloakware\config\cspm_client_config.xml and saw the following in the cspm_client_log.txt file:

When verifying password

FINE: Fri March 05 01:58:00.404 UTC 2021 CSPMAgentService::verifyWindowsAccountPassword. Agent's own hostname: winproxy.pamlab.local
FINE: Fri March 05 01:58:00.404 UTC 2021 CSPMAgentService::verifyWindowsAccountPassword. User: tgsuser1, domain: cspm_dummy_value, server: xx.xx.xx.xx
FINE: Fri March 05 01:58:00.420 UTC 2021 CSPMAgentService::verifyWindowsAccountPassword. verifying account on remote host
WARNING: Fri March 05 01:58:21.441 UTC 2021 CSPMAgentService::verifyWindowsAccountPassword. Operation not successful, message: 53-ERROR_BAD_NETPATH
INFO: Fri March 05 01:58:21.441 UTC 2021 CSPMAgentService::verifyWindowsAccountPassword. Complete verify account password
INFO: Fri March 05 01:58:21.441 UTC 2021 CSPMAgentServlet::processTask. Message to send: <?xml version="1.0" ?><eventReponse><eventId>1</eventId><statusCode>440</statusCode><errorMessage>53-ERROR_BAD_NETPATH</errorMessage><content><extended_status></extended_status></content></eventReponse>

When updating password

FINE: Fri March 05 01:58:21.488 UTC 2021 CSPMAgentService::updateWindowsAccountPasswordWithServices. Agent's own hostname: winproxy.pamlab.local
FINE: Fri March 05 01:58:21.488 UTC 2021 CSPMAgentService::updateWindowsAccountPasswordWithServices. Admin user: CSPM_Agent_Account_32, user: tgsuser1, domain: cspm_dummy_value, server: xx.xx.xx.xx, services: []
FINE: Fri March 05 01:58:21.488 UTC 2021 CSPMAgentService::updateWindowsAccountPasswordWithServices. Start update user account as admin
WARNING: Fri March 05 01:58:21.504 UTC 2021 CSPMAgentService::updateWindowsAccountPasswordWithServices. Operation not successful, message: 1722-RPC_S_SERVER_UNAVAILABLE
INFO: Fri March 05 01:58:21.504 UTC 2021 CSPMAgentService::updateWindowsAccountPasswordWithServices. Complete account password update
INFO: Fri March 05 01:58:21.504 UTC 2021 CSPMAgentServlet::processTask. Message to send: <?xml version="1.0" ?><eventReponse><eventId>1</eventId><statusCode>440</statusCode><errorMessage>1722-RPC_S_SERVER_UNAVAILABLE</errorMessage><content><extended_status></extended_status></content></eventReponse>

 

Cause

Access to TCP port 445 on the Target Endpoint is blocked by Windows Firewall.

Environment

PRIVILEGED ACCESS MANAGEMENT 3.3.2
Windows Proxy 4.16.2 on Windows 2016
Target Endpoint OS: Windows 2016

Resolution

Check whether Windows Firewall, or any firewall between the Windows Proxy and the Target Endpoint, blocks TCP port 445, and correct the firewall configuration.

To check whether TCP port 445 is open on the Target Endpoint, launch "Windows PowerShell ISE" on the Windows Proxy server and run the following command:

Test-NetConnection -ComputerName <Target Endpoint hostname/IP> -Port 445

If TCP port 445 is not blocked, the output includes:
     TcpTestSucceeded : True
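
The same check can be driven from the agent log. The PowerShell below is an added example, not part of the original article or the product: it extracts the two network errors from cspm_client_log.txt lines, pairs each with the target server logged for that operation, and probes TCP/445 on every affected server. The function name Get-ProxyNetworkFailure and the sample log lines (using the documentation address 192.0.2.10) are constructed for illustration.

```powershell
# Added example. Line layout follows the log excerpts above; the sample lines are
# constructed and 192.0.2.10 is a documentation-range placeholder address.
$sampleLog = @'
FINE: Fri March 05 01:58:00.404 UTC 2021 CSPMAgentService::verifyWindowsAccountPassword. User: tgsuser1, domain: cspm_dummy_value, server: 192.0.2.10
WARNING: Fri March 05 01:58:21.441 UTC 2021 CSPMAgentService::verifyWindowsAccountPassword. Operation not successful, message: 53-ERROR_BAD_NETPATH
FINE: Fri March 05 01:58:21.488 UTC 2021 CSPMAgentService::updateWindowsAccountPasswordWithServices. Admin user: CSPM_Agent_Account_32, user: tgsuser1, domain: cspm_dummy_value, server: 192.0.2.10, services: []
WARNING: Fri March 05 01:58:21.504 UTC 2021 CSPMAgentService::updateWindowsAccountPasswordWithServices. Operation not successful, message: 1722-RPC_S_SERVER_UNAVAILABLE
'@ -split "`r?`n"

function Get-ProxyNetworkFailure {
    # Returns one object per failed operation: operation name, target server, error.
    param([string[]]$Line)
    $lastServer = @{}   # operation name -> most recent "server:" value logged for it
    foreach ($l in $Line) {
        if ($l -match '^FINE: .*CSPMAgentService::(\w+)\..*\bserver: ([^,\s]+)') {
            $lastServer[$Matches[1]] = $Matches[2]
        }
        elseif ($l -match '^WARNING: .*CSPMAgentService::(\w+)\. Operation not successful, message: (53-ERROR_BAD_NETPATH|1722-RPC_S_SERVER_UNAVAILABLE)') {
            [pscustomobject]@{
                Operation = $Matches[1]
                Server    = $lastServer[$Matches[1]]
                Error     = $Matches[2]
            }
        }
    }
}

# For a real run, pass (Get-Content <path to cspm_client_log.txt>) instead of $sampleLog.
$failures = Get-ProxyNetworkFailure -Line $sampleLog

# Probe TCP/445 once per affected server and show it next to the errors it produced.
foreach ($server in ($failures.Server | Sort-Object -Unique)) {
    $probe = Test-NetConnection -ComputerName $server -Port 445 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Server           = $server
        Errors           = ($failures | Where-Object Server -eq $server).Error -join ', '
        TcpTestSucceeded = $probe.TcpTestSucceeded
    }
}
```

A server that shows these errors together with TcpTestSucceeded : False matches the cause described in this article. When correcting the rule on the target, allowing TCP/445 only from the Windows Proxy's address keeps SMB closed to other sources.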
