Configure failover provisioning server into Password Sync Agent 64

Article ID: 267133

Products

CA Identity Suite, CA Identity Manager

Issue/Introduction

The documentation provided at https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/administrating/password-management/synchronizing-passwords-on-endpoints/password-synchronization-on-windows.html is for the 32-bit Password Sync Agent. The 64-bit agent does not allow setting a failover server directly from the GUI.

Environment

Release : 14.4 CP2

Resolution

Follow https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/administrating/password-management/synchronizing-passwords-on-endpoints/password-synchronization-on-windows.html except for highlighted steps:

 

Follow these steps:

  1. Locate the Identity Manager installation media.
  2. Browse to \Agent\PasswordSync-x64.
  3. Run setup.exe.
  4. In the InstallShield wizard, accept the license agreement. The option "I accept the terms in the license agreement" is enabled only after you read the agreement and click at the end of it.
  5. Respond to the Configuration Wizard as follows:
    1. In the Host name field, enter the name (IP or hostname) of the Provisioning Server system.
    2. Change the port as required if your Provisioning Server installation uses a non-default port. The suggested LDAP port that is used to connect to the Provisioning Server is 20390.
    3. Click the Find domain button to retrieve the Provisioning Server Domain.
    4. If your Provisioning Server installation is configured for failover, follow the on-screen instructions to add a comma-separated list of servers.
    5. Click Next.
    6. In the Administrator field, enter etapwsad as the default global user name for the Password Synchronization Agent. This user must have the PasswordAdministrator profile. It does not exist by default.
    7. In the Password Administrator field, enter the password of the Administrator.
    8. Click Next.
    9. From the Endpoint Type drop-down list, select the Endpoint Type of the host on which you are installing the Agent.
    10. From the Endpoint Name drop-down list, select the Endpoint name that was used when creating the endpoint in the User Console.
    11. Click Configure.
  6. Click Finish when prompted to complete the installation and reboot.
  7. Open the eta_pwdsync.conf file, located by default at: <installation folder>CA\eTrust Admin Password Sync Agent\data\eta_pwdsync.conf.

Follow the instructions in the file and add a second failover server to the "servers=" entry. Change:

[Server]
;; You can configure failover to multiple Admin Servers servicing the same Admin Domain by
;; entering a comma seperated list of server and host values such as:
;; server=ldaps//server1:20390, ldaps://server2:20390
;; host=server1, server2
;; 'Remote' mode allows connection to IM PS in the cloud deployment, where connection is done to a remote
;; server by going through the on premise ConnectorServer
admin=etaadmin
admin_suffix=dc=im
servers=ldaps://XXX.XXX.XXX.XXX:20390
remote_server=no
host=XXX
password={3DES}/XXXXXXXXXXXXXXXXX

TO:

[Server]
;; You can configure failover to multiple Admin Servers servicing the same Admin Domain by
;; entering a comma seperated list of server and host values such as:
;; server=ldaps//server1:20390, ldaps://server2:20390
;; host=server1, server2
;; 'Remote' mode allows connection to IM PS in the cloud deployment, where connection is done to a remote
;; server by going through the on premise ConnectorServer
admin=etaadmin
admin_suffix=dc=im
servers=ldaps://XXX.XXX.XXX.XXX:20390, ldaps://YYY.YYY.YYY.YYY:20390
remote_server=no
host=XXX
password={3DES}/XXXXXXXXXXXXXXXXX

Save the file. Done.
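
A hand-edited servers= list is easy to get wrong (the file's own comment shows "ldaps//server1" without the colon), and a malformed failover entry may only surface when the primary server is down. The following PowerShell check is an added example, not part of the Broadcom article or the product: Test-PwdSyncServerList is a hypothetical helper, the sample addresses are constructed placeholders, and it assumes every entry must follow the ldaps://host:port form shown in the file.

```powershell
# Constructed sample of the [Server] section; the addresses are placeholders.
$sample = @'
[Server]
;; server=ldaps//server1:20390, ldaps://server2:20390
admin=etaadmin
admin_suffix=dc=im
servers=ldaps://192.0.2.10:20390, ldaps//192.0.2.11:20390, ldap://192.0.2.12:20390
remote_server=no
'@

# Hypothetical helper (not part of the product): validates each servers= entry.
function Test-PwdSyncServerList {
    param([string[]]$Lines)

    $section = ''
    $value = $null
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith(';')) { continue }   # blank lines and ;; comments
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -eq 'Server' -and $t -match '^servers\s*=\s*(.*)$') { $value = $Matches[1] }
    }
    if ($null -eq $value) { throw 'No servers= entry found in the [Server] section.' }

    # Assumed entry form, taken from the file's own example: ldaps://host:port
    $pattern = '^(?<scheme>[a-z][a-z0-9+.-]*)://(?<host>[^\s:/,]+):(?<port>\d{1,5})$'
    foreach ($entry in $value.Split(',')) {
        $e = $entry.Trim()
        $problem = $null
        if ($e -eq '') {
            $problem = 'empty entry (stray comma)'
        } elseif ($e -notmatch $pattern) {
            $problem = 'malformed, expected ldaps://host:port'
        } elseif ($Matches['scheme'] -ne 'ldaps') {
            $problem = "scheme is '$($Matches['scheme'])', expected ldaps"
        } elseif ([int]$Matches['port'] -lt 1 -or [int]$Matches['port'] -gt 65535) {
            $problem = 'port out of range'
        }
        # One result row per entry, in the order listed in the file
        [pscustomobject]@{ Entry = $e; Valid = ($null -eq $problem); Problem = $problem }
    }
}

Test-PwdSyncServerList -Lines ($sample -split "`r?`n") | Format-Table -AutoSize
```

To check a real agent, pass the output of Get-Content for eta_pwdsync.conf as -Lines instead of the sample. In the sample, the first entry is reported as valid, the second as malformed, and the third as using the ldap scheme instead of ldaps.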