CCS Agent-based data collection job is trying to use saved credentials that are set up for agentless scanning.
Article ID: 272943
Updated On:
Products
Issue/Introduction
Control Compliance Suite (CCS)
When running a data collection job on a CCS agent, if there are domain or asset credentials already configured in the CCS console for agentless data collection, those credentials will be sent to the agent as if it were running an agentless data collection instead of using the CCS agent to perform the scan.
It may eventually time out with the following error if the credentials set up in the CCS console fail:
Authentication failed for user [ <domain>\<username> ]. Error : The user name or password is incorrect.
ORAuthentication failed for user [ <domain>\<username> ]. Error : Logon Failure: the user has not been granted the requested logon type at this computer.
Environment
Release: CCS 12.6.x
Cause
If CCS common credentials have been set up for a Windows domain for agentless scanning, and a data collection job is run on a server that has a CCS agent installed that is in that Windows domain, CCS will send the user credential with the scan even though there is an agent on that server.
Resolution
You can set the CCS agent to ignore any credentials that might be sent with a job and just use the CCS agent to collect the data or query.
NOTE: This setting change only will ignore credentials for the OS data collections; Oracle or MSSQL scans on this server will still accept Oracle and MSSQL credentials set in the CCS console for those specific types of scans.
-
In the CCS console, right-click on that agent and select 'Agent Settings'.
-
Select the bullet point 'Fetch configuration parameters from agent'
-
Scroll down to the 'RBC_USE_PROCESS_CONTEXT' and change the value from 1 to 2.
-
Check the box 'Restart agent after setting configuration parameter' in the lower left.
-
Click OK
Feedback
