Password Capture Agent - unable to kill jobs

PCA installed on fresh DC and configured with OneIM 8.1.5

Resetting passwords is working but we are unable to delete jobs from PCA queue with the following error. We are getting the same error while trying to read value of the parameter.

Tested on PCA running on system account and normal AD account.

C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" DELETE:'2022.02.09 14:14:24.287'
Set-ServiceConfig: Error:
System-Code: 5 (0x5)
Initializing failed:
Could not impersonate to system account:
TokenGetSystemProcess() failed!
Thread: <Main>-Thread (8864)

C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" DELETE:*
Set-ServiceConfig: Error:
System-Code: 5 (0x5)
Initializing failed:
Could not impersonate to system account:
TokenGetSystemProcess() failed!
Thread: <Main>-Thread (2076)

Parents
  • Which Windows version is this (including build number please)?

  • OS Name Microsoft Windows Server 2019 Standard
    Version 10.0.17763 Build 17763

    (GUI version, not CORE)

  • Thank you. And what version does the PCA have? You need at least 2.0.1.0 as far as I know.

    In addition, is the user used a privileged user?

    Found this in the documentation:



    NOTE: Retrieving secured configuration parameters requires a privileged user account.
    The process used to query for secured configuration parameters must be elevated to
    retrieve parameter values

  • PCA version: 2.0.1.6

    Tested on system account and regular user account with domain admin privilege.

    CMD opened as Administrator

  • Does the list job option work? According to the integrated help of set-serviceconfig, the command should be DeleteJob and not Delete. (Just a try)

  • yes, there is a mistake - we are trying deletejob, we are getting the same error while trying to get or set value of the parameter

    C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" DESCRIBE:WebServiceClientSkipHttpsValidation
    Configuaration parameter 'WebServiceClientSkipHttpsValidation':
    Name: WebServiceClientSkipHttpsValidation
    Possible values: 0;1
    Default value: 0
    Corresponding installer property: PROP_WEB_SERVICE_CLIENT_SKIP_HTTPS_VALIDATION
    Description: If enabled, https connections will be established without validation. This is potentially insecure.
    Present in installer GUI: Yes
    Write only (read out not allowed): No
    Read only (setting not allowed): No
    Public in registry: No
    Hint:
    Comment:
    
    C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" GET:WebServiceClientSkipHttpsValidation
    Set-ServiceConfig: Error:
    System-Code: 5 (0x5)
    Initializing failed:
    Could not impersonate to system account:
    TokenGetSystemProcess() failed!
    Thread: <Main>-Thread (192)
    
    C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" WebServiceClientSkipHttpsValidation:1
    Set-ServiceConfig: Error:
    System-Code: 5 (0x5)
    Initializing failed:
    Could not impersonate to system account:
    TokenGetSystemProcess() failed!
    Thread: <Main>-Thread (3248)

Reply
  • yes, there is a mistake - we are trying deletejob, we are getting the same error while trying to get or set value of the parameter

    C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" DESCRIBE:WebServiceClientSkipHttpsValidation
    Configuaration parameter 'WebServiceClientSkipHttpsValidation':
    Name: WebServiceClientSkipHttpsValidation
    Possible values: 0;1
    Default value: 0
    Corresponding installer property: PROP_WEB_SERVICE_CLIENT_SKIP_HTTPS_VALIDATION
    Description: If enabled, https connections will be established without validation. This is potentially insecure.
    Present in installer GUI: Yes
    Write only (read out not allowed): No
    Read only (setting not allowed): No
    Public in registry: No
    Hint:
    Comment:
    
    C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" GET:WebServiceClientSkipHttpsValidation
    Set-ServiceConfig: Error:
    System-Code: 5 (0x5)
    Initializing failed:
    Could not impersonate to system account:
    TokenGetSystemProcess() failed!
    Thread: <Main>-Thread (192)
    
    C:\WINDOWS\system32>"C:\Program Files\One Identity\One Identity Manager\Password Capture Agent\Service\Set-ServiceConfig.exe" WebServiceClientSkipHttpsValidation:1
    Set-ServiceConfig: Error:
    System-Code: 5 (0x5)
    Initializing failed:
    Could not impersonate to system account:
    TokenGetSystemProcess() failed!
    Thread: <Main>-Thread (3248)

Children