Centrify Identity Service on WindowsProblem:
Windows Security Event Viewer shows a tremendous amount of failed X509 account Kerberos TGT requests on the domain controller. The failed requests originate from a machine that is running Centrify Cloud Connector proxy.Resolution:
This issue occurs because of a failed Cloud Connector proxy registration. The CA cert that should have been installed during registration is either missing or incorrect. To resolve this issue follow these steps to re-register:
- Log on to the machine that is generating the failed requests as a Domain Admin.
- Open the Centrify Cloud Connector Configuration Tool.
- C:\Program Files\Centrify\Cloud Management Suite\ProxyUI.exe
- Go to the Cloud Connector tab and click the "Re-register..." button.
- The Cloud Connector Configuration Wizard will pop up. Click the "Next" button to proceed with re-registering.
- Note: When prompted to enter the admin username and password to register the Cloud Connector, enter the credentials of a user that is in a Role that has the "Register Cloud Connector" administrative right in Cloud Manager (This is usually the default Cloud Admin account).
- For more information on Cloud Manager administrative rights, please see the following online help documentation:
Managing roles : Creating identity platform administrators : Cloud Manager administrative rights
- Once the Cloud Connector is successfully re-registered, the failed requests should go away.