Issues with Zone Provisioning Agent

Showing results for 
Search instead for 
Do you mean 
Reply
Participant III
Posts: 20
Registered: ‎11-16-2017
#1 of 3 674
Accepted Solution

Issues with Zone Provisioning Agent

Hi,

 

I have set up a ZPA and I 'm able to start it successfully. But when I run Zoneupdate <ZoneName> from Adminsitartor : Zone Provisioning Agent Command Prompt, I get the below error.

 "Error: The username or password is incorrect"

But the acoount credentials which I'm using is correct. Is there any specific configuration which I'm missing?

 

Thanks,

Niru

Centrify Guru I
Posts: 2,219
Registered: ‎07-26-2012
#2 of 3 669

Re: Issues with Zone Provisioning Agent

[ Edited ]

@Niru,

 

Usage:  Needs to be revised a bit.

 

zoneupdate.exe /u: source-group-for-users  /g:source-group-for-groups  zone name.

 

Below:

Source group for users is called: Centrify-ZPA-Users

Source group for groups is called: Centrify-ZPA-Groups

Zone name is: AutoProv

 

 

PS> .\zoneupdate.exe /u:Centrify-ZPA-Users /g:Centrify-ZPA-Groups AutoProv
===== AutoProv ===== Deprovisioning groups... [Nothing to do] Provisioning groups... [Nothing to do] Deprovisioning users... [Nothing to do] Provisioning users... [Nothing to do]

 

Troubleshooting:

Use the Event log.

zpa-logs.PNG

 

If there's an issue with the service account, you'll see this in the SYSTEM log:

zpa-logonfailure.PNG

 

Service Account Permissions and Zone Delegation

  • The service account must have a the log on as a service right (Windows req.)
  • The service account must have the delegated rights to add, remove and change user and group objects in the target zone.

Service issues are viewable in the event log.  Delegation issues are viewable in the Centrify Zone Provisioning Agent log.

 

BTW... Why are you using ZoneUpdate?

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant III
Posts: 20
Registered: ‎11-16-2017
#3 of 3 666

Re: Issues with Zone Provisioning Agent

Hey Rob,

 

Thanks for all the information. I had not done the zone delegation so was not able to pull the users on to the zone.

I was using the ZoneUpdate command in  "Zone Provisioning Command Prompt"  to  basically check and verify if the users were provisioned.

 

Appreciate all your help.

 

Thanks,

Niru