Applied to: Centrify Privilege Access Service
After machines are added to the Centrify Privilege Acess Service (PAS) portal by discovery, when trying to perform "cenroll" with Centrify agent on Linux, it will fail with the following error:
Failed to enroll in Centrify identity platform: Failed to update agent
Verbose: Details: Failed to update agent
If the computer is joined and added to PAS by discovery. Cenroll will fail due to conflict unique ID although specifying other non-existent resource name.
Machine that was previously domain joined with Centrify Authentication Service (adjoin) will have an AD computer object existing in AD, and CPS discovery will add system objects (aka. resource) to PAS for computer objects "discovered" from AD. As Centrify needs a way to avoid creating yet another system object on PAS when the adjoined machine also enrolls to identity platform.
Please grant the user that performing cenroll command to have "Grant", "Edit" and "Delete" permission on the targeted machine, then try the cenroll command again. As these are the permissions for the principal to become a resource owner.