Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-4324: Failed X509 logins on Cloud Connector host

App Access Service ,  

12 April,16 at 11:14 AM

Applies to: Centrify Identity Service on Windows


Windows Security Event Viewer shows a tremendous amount of failed X509 account Kerberos TGT requests on the domain controller. The failed requests originate from a machine that is running Centrify Cloud Connector proxy.


This issue occurs because of a failed Cloud Connector proxy registration. The CA cert that should have been installed during registration is either missing or incorrect. To resolve this issue follow these steps to re-register:
  1. Log on to the machine that is generating the failed requests as a Domain Admin.
  2. Open the Centrify Cloud Connector Configuration Tool.
    • C:\Program Files\Centrify\Cloud Management Suite\ProxyUI.exe
  3. Go to the Cloud Connector tab and click the "Re-register..." button.
    • User-added image
  4. The Cloud Connector Configuration Wizard will pop up. Click the "Next" button to proceed with re-registering.
    • Note: When prompted to enter the admin username and password to register the Cloud Connector, enter the credentials of a user that is in a Role that has the "Register Cloud Connector" administrative right in Cloud Manager (This is usually the default Cloud Admin account).
    • For more information on Cloud Manager administrative rights, please see the following online help documentation:
      Managing roles : Creating identity platform administrators : Cloud Manager administrative rights
  5. Once the Cloud Connector is successfully re-registered, the failed requests should go away.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.