Issues with Zone Provisioning Agent
03-01-2018 01:52 PM
I have set up a ZPA and I 'm able to start it successfully. But when I run Zoneupdate <ZoneName> from Adminsitartor : Zone Provisioning Agent Command Prompt, I get the below error.
"Error: The username or password is incorrect"
But the acoount credentials which I'm using is correct. Is there any specific configuration which I'm missing?
Solved! Go to Solution.
03-01-2018 02:13 PM
Usage: Needs to be revised a bit.
zoneupdate.exe /u: source-group-for-users /g:source-group-for-groups zone name.
Source group for users is called: Centrify-ZPA-Users
Source group for groups is called: Centrify-ZPA-Groups
Zone name is: AutoProv
PS> .\zoneupdate.exe /u:Centrify-ZPA-Users /g:Centrify-ZPA-Groups AutoProv
===== AutoProv ===== Deprovisioning groups... [Nothing to do] Provisioning groups... [Nothing to do] Deprovisioning users... [Nothing to do] Provisioning users... [Nothing to do]
Use the Event log.
If there's an issue with the service account, you'll see this in the SYSTEM log:
Service Account Permissions and Zone Delegation
- The service account must have a the log on as a service right (Windows req.)
- The service account must have the delegated rights to add, remove and change user and group objects in the target zone.
Service issues are viewable in the event log. Delegation issues are viewable in the Centrify Zone Provisioning Agent log.
BTW... Why are you using ZoneUpdate?
03-01-2018 02:39 PM
Thanks for all the information. I had not done the zone delegation so was not able to pull the users on to the zone.
I was using the ZoneUpdate command in "Zone Provisioning Command Prompt" to basically check and verify if the users were provisioned.
Appreciate all your help.