Credential Rotation Task Troubleshooting
If you encounter issues during the setup or execution of the password rotation task, consider the following common problems and solutions:
AD Admin User and Domain User Setup Issues
- Problem: The password rotation task fails due to missing or misconfigured AD Admin or Domain User.
- Solution: Create at least one Domain Admin user with the appropriate permissions to configure password rotation for other users. Also, create at least one Domain User, either an admin or a standard user. The task does not function properly without these users.
Application Setup and Service Configuration
- Problem: Application setup fails to connect to Active Directory.
- Solution: Verify that the Host name of the application exactly matches the AD host name. Also, confirm that LDAPS or LDAP services are correctly selected and configured. In the Launch Via - Protocol setting, ensure that TCP is chosen, as this is necessary for proper communication between the application and AD.
On-Demand Rotation Not Functioning
- Problem: Users cannot manually rotate the password on demand.
- Solution: Check that the Allow on-demand rotation option is selected in the rotation policy. With this option disabled, users cannot initiate password rotations on demand.
FAQ
- Can I use the AD Credential Rotation Task in any version of VPAM?
  No, this feature is only available in instances running version 25.1.3 or newer.
- Can I configure the AD Credential Rotation Task without an Active Directory?
  No, you must have an Active Directory to be able to rotate your users' passwords.
- Is this feature available in other PAM applications?
  For the moment, this feature is only available in Vendor Privileged Access Management.