4 Replies Latest reply on May 28, 2008 2:40 AM by pshankland

    Credentials Problem

      I have added a Windows credential within IPM9 as obviously want to use it on a lot of Windows servers to return WMI etc. Unfortunatly, when I goto the Credential List I get the following error:


      "The current network account running ipMonitor does not have permission to use the public key / private key required to decrypt the secure file. This occurs when the service account is set through the control panel and not the ipMonitor config program. To correct this issue, reset the service account with the ipMonitor config program."


      I have gone through the IPM config program and the service is running as LocalSystem and I have not changed this through the control panel / services.


      Any ideas why I get this message?


      Thanks.

        • Re: Credentials Problem
          Fodome

          Hi pshankland,


          Using the ipMonitor Configuration program, try switching the user account from LocalSystem to a different Windows account.  After you OK everything, reopen the Configuration program and switch it back to "LocalSystem".   If this fails to help, I recommend opening a support case using the following form:


           http://support.solarwinds.com/support/default.cfm


          Chris Foley

            • Re: Credentials Problem

              Thanks for the reply. I have created a new local user on the server called ipMonitor and added it to the Administrators group. I have then gone through the IPM config and changed the user account to ipMonitor for the service. I then get the following dialog box:


              The user account for the ipMonitor service may not have sufficent Access Rights to the following:
              - ipMonitor 9.0 Credentials Database's Encryption Keys
              - "HKLM\Software\Microsoft\SystemCertificates\My" registry key
              - Access to the private / public key pair used by the SSL certificate


              Would you like to add these rights for user account [ipMonitor]?


               I have then press Yes to this and get the following:


              Failed to set security permissions for the user account


              I can log a support call but do you have any other suggestions?


              Thanks.

                • Re: Credentials Problem
                  Fodome

                  Pshankland,


                  Did you then set it back to "LocalSystem"?  After doing this, login and see if the Credentials List page is still returning this error.  If it does, follow these instructions.  They work every time, however, you will have to reinitialize all of your Credentials:


                  1.  Stop the ipMonitorSrv service from the Services Applet.


                  2.  Open the ".\ipMonitor\config\cred" directory and delete the "credentials.db" file.


                  3.  Open the ipMonitor Configuration utility but do not start the service.


                  4.  Click on "Service Settings", select "LocalSystem" and save the changes but do not start the service.


                  5.  Open a "cmd.exe" prompt, navigate to the ipMonitor directory and enter


                  ipm9config -firstrun


                  Click the "Next" for each stage of the first run wizard, unless you are prompted to enter information when "Next" is clicked.  


                  6.  After the "first run" wizard completes, open the ipMonitor Configuration utility, click "Service Settings" and select "This Account" if the service should run under a specific account.  Save settings and click "Yes" to add any required permissions.


                  7.  Start the ipMonitorSrv service if it is not currently running from the Services Applet.  


                  8.  Log in to the web interface, click on "Security" and select "Credentials Manager" and verify that the warning message above the Credential list is absent.


                  9.  You will need to re-initialize each credential by clicking on the "Credential Name" and performing the following actions.
                   a.  Click the "Re-initialize" button.
                   b.  Under Sensitive Data, click "Enable" for the "Account" and enter the account.  Be sure to use the format DOMAIN\username if a domain account is impersonated.
                   c.  Click "Enable" for the "Password" field, then enter and verify the password.
                   d.  Click "OK" at the bottom of the window to save.


                  10.  Restart the ipMonitorSrv service to verify that Credentials database access is retained.


                  Hope this works for you.


                  Chris Foley