KB-10950: MFA failing after changing Centrify Connector service account

Tips for finding Knowledge Articles

- Enter just a few key words related to your question or problem
- Add Key words to refine your search as necessary
- Do not use punctuation
- Search is not case sensitive
- Avoid non-descriptive filler words like "how", "the", "what", etc.
- If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
- Minimum supported Internet Explorer version is IE9

Home >

KB-10950: MFA failing after changing Centrify Connector service account

Product:

Authentication Service ,

Published:

30 August,18 at 08:27 PM

Rating:

Problem: MFA was working but is no longer working after changing the service account running the connectors.

Cause: By default the connectors run under Local System which has the correct permissions and SPNs to validate the certificates. If using a service account this might no longer be true and the below regedit will need to be added to the connector machines.

Resolution:

On the connector machines expand Regedit: HKEY_LOCAL_MACHINE>SOFTWARE>Centrify>Cloud
1. Add a String value type registry key:

Name: winAuthSvcClientCredType

Data: Windows

2. Add these two SPNs in Active Directory to the service account running the Centrify Connectors

HTTP/account
HTTP/account.mydom.com

3. Restart the Cloud Connector service on each connector machine

KB-10950: MFA failing after changing Centrify Connector service account

PLATFORM

COMPANY

SERVICES

SUPPORT

COMMUNITIES

DEVELOPERS

RESOURCES

Related Articles

KB-10950: MFA failing after changing Centrify Connector service account

Related Articles

PLATFORM

COMPANY

SERVICES

SUPPORT

COMMUNITIES

DEVELOPERS

RESOURCES