It has been noticed that when trying to add local Windows accounts to the PAS admin portal using a discovery job, some of the accounts are not getting added. Troubleshooting has revealed that the required firewall ports between the Connectors and the systems are open and the discovery account has sufficient administrative permissions over the system that contains the accounts.Cause:
Remote Registry Service has not been enabled. Solution:
Please ensure that this service is enabled and running on the Windows systems that contain the accounts. The steps to do this are below:
1) Go to Start > Control Panel > Administrative Tools > and open the Services.msc console:
2) Look for the Remote Registry service and ensure the startup type is set to "Automatic" or "Manual" and start the service.
3) Try again to run the discovery job and the accounts on that system should now get picked up.The additional requirements for Port Scanning Discovery jobs to be successful:
- Open firewall.
- Group Policies.
- Discovery account must be a local admin.
Note: One way to achieve this for systems that are joined to Active Directory is to use a discovery account that is a member of Domain Admins.
- The Centrify Connector that is used for discovery through port scanning must be on version 18.6 or newer. By default, all connectors are used for discovery. Contact Centrify Support to specify the use of specific connectors for discovery.
- Port scanning requires IPv4 addresses.