Troubleshooting

The troubleshooting options below guide you through the main issues you may experience when implementing the Mac Credential Provider.

The Mac Credential Provider failed to start

Problem:

During Mac Credential Provider startup, the following message is displayed in the system log:

"Provider failed to start. The specified Provider port in the local_appprovider.conf is currently being used by another Provider instance or by another application."

Solution:

Verify that no other process of the Mac Credential Provider is running. If the port is being used by another application, specify a different port for the Mac Credential Provider in the local_appprovider.conf file.

A cache refresh request failed

Problem:

When trying to refresh a password in the cache, the request fails and the following message is displayed in the trace log:

"RefreshCache: Central Credential Provider remote exception. Error: Connection refused: connect."

Solution:

Verify that the IIS is up and running, or browse to the URL specified in the AIMCentralCredentialProviderURL parameter in the local_appprovider.conf file.

A password request failed: connection refused

Problem:

When sending a password request to the Mac Credential Provider, the request fails and the following message is displayed in the trace log:

"Failed to call the Central Credential Provider https://1.1.1.1/aimwebservice/aim.asmx. (Error java.net.ConnectException: Connection refused: connect)":

Solution:

Verify that the IIS is up and running, or browse to the URL specified in the message.

A password request failed: unable to process request

Problem:

When sending a password request to the Mac Credential Provider, the request fails and the following message is displayed in the trace log:

"System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> CyberArk.AIM.NetPasswordSDK.Exceptions.PSDKException: PDKTC006E Failed to connect to provider (Reason=[connect command failed])"

Solution:

Verify that the Central Credential Provider is running.

A password request failed: CCP call fail

Problem:

When sending a password request to the Mac Credential Provider, the request fails and the following message is displayed in the trace log:

"Failed to call the Central Credential Provider https://hostName/aimwebservice/internal/v1.1/aim.asmx. (Error java.net.UnknownHostException: hostName)"

Solution:

Verify that the AIMCentralCredentialProviderURL parameter in the local_appprovider.conf file is correct and can be accessed. The basic_appprovider.conf file is located on the CCP machine at the following path:

C:\Program Files (x86)\CyberArk\ApplicationPasswordProvider\basic_appprovider.conf

A password request failed: PW fetch

Problem:

When sending a password request to the Mac Credential Provider, the request fails and the following message is displayed in the trace log:

"Provider [Mac1] has failed to fetch password with query [object=DB] for application [app]. Fetch reason: reason1 [Request f4d46353-98a1-4f5f-a844-a862997640ad]. Failure reason: [APPAP302E Remote provider requests are not supported. The RemoteProviderType parameter is not specified in the basic_appprovider.conf file]"

Solution:

In the basic_appprovider.conf file, specify the RemoteProviderType parameter for the Central Credential Provider.

A password request failed: SSL

Problem:

When sending a password request to the Mac Credential Provider, the request fails and the following message is displayed in the trace log:

"Failed to call the Central Credential Provider 1.1.1.1/AIMWebService/internal/v1.1/aim.asmx" class="external-link" rel="nofollow">https://1.1.1.1/AIMWebService/internal/v1.1/aim.asmx. (Error java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)"

This message indicates that the Web Service is configured to use SSL, while the Mac Credential Provider is not.

Solution:

Verify that both the Web Service and the Mac Credential Provider are configured to use SSL.