search cancel

How to recreate the user canonprv if it is deleted from the OS by mistake.


Article ID: 21385


Updated On:


CA Client Automation - IT Client Manager CA Client Automation


Operating System Installation Management (OSIM) requires a local user "canonprv" on every boot server. 

This user is used when OSIM is configured in share mode. The BootImage uses "canonprv" to connect to the OS Image share and copy the OS install files to the target PC.

The password for this user is controlled by the Boot Server and is changed daily. The password is encrypted and stored in the comstore.

Only the boot server can change the password.

If the user is deleted by accident, and then recreated, control of the password needs to be handed back to OSIM before the functionality is restored.


Client Automation - All versions


This document describes how to recreate the "canonprv" user and hand control of the password back to OSIM.

Use the following procedure to recreate the canonprv user:

  1. sdbsswitch -t

  2. create a new canonprv user in Windows with password [email protected] (ensure you uncheck all boxes)

  3. cd to "C:\Program Files\CA\DSM\osimips\os-template\updates\winpe30\i386\ca-osim"

  4. run the command
    canet crypt canonprv [email protected]

  5. Copy the encrypted output

  6. run the command
    ccnfcmda -cmd getparametervalue -ps itrm/scalability_server/osim/managedpc/server -pn logonpasswd

  7. run the command
    ccnfcmda -cmd setparametervalue -ps itrm/scalability_server/osim/managedpc/server -pn logonpasswd -v <password>
    where <password> = the encrypted password copied in step 5

  8. run the command
    ccnfcmda -cmd getparametervalue -ps itrm/scalability_server/osim/managedpc/server -pn logonpasswd
    and verify that the value was updated

  9. sdbsswitch -s

After this the shares will have been recreated with the correct permissions for canonprv, the password for canonprv will also have been changed. This can be verified by running the getparametervalue again. The boot server automatically changes the password for security reasons.