Troubleshoot the CyberArk Identity Connector
This topic describes troubleshooting procedures related to the CyberArk Identity Connector.
You can send automatic, customizable notifications to specified users so you can quickly start the troubleshooting process, mitigating the impact on your organization.
Configure automatic notifications for connector failure
Email notifications for connector failure can be sent to Users, Groups, or Roles.
To configure automatic notifications for connector failure
Go to Settings > Network > Notifications, and then click Add.
Select who you want to receive notifications by selecting a User, Group, or Role, and then click OK.
Selected users, Group members, or Role members will receive an email if CyberArk Identity can't reach any of the connectors. We recommend including at least one CyberArk Cloud Directory user. If you select only users that depend on the connector for authentication, you won't be able to access the notification.
Customize the connector failure message
You can customize the contents of the connector failure notification email. Refer to Modify an email template for more information.
Allow support to access connector logs
On the Connector tab of the CyberArk Identity Connector Configuration Program, select Allow support to access local connector logs to give the identity provider the ability to open the connector log files. These files can help resolve a problem and are the only files the service provider can open. This option is selected by default.
Change connector log settings
You can change the CyberArk Identity Connector log settings, such as the file size of logs collected on a connector host machine, the maximum number of backup files kept, etc.
To change the connector log settings
In the CyberArk Identity Admin Portal, go to Settings > Network > CyberArk Identity Connectors.
Select the checkbox for the relevant connector.
Click the Actions drop-down list > Change Log Setting.
Make the necessary updates.
The log file size defaults to 2MB and the maximum number of log backups defaults to 450 entries. Changing the file size will result in smaller log.txt files, and modifying the log backup counter will limit the number of log.txt entries (log.txt, log.txt.1, log.txt.2, etc.).
Re-register the CyberArk Identity Connector
The Re-register button found on the Connector tab starts the CyberArk Identity Connector configuration wizard and allows you to re-register this connector.
Re-registering a connector
Generally, you re-register the connector under the same customer ID as a troubleshooting step, typically recommended by CyberArk customer support.
Respond to disk space alerts
This procedure describes the possible cause of disk space alerts, and how to respond to the alerts. You get disk space alerts on an Active Directory member server where the CyberArk Identity Connector is installed.
The disk space alerts may be caused by the creation of local user profiles on the host machines running the CyberArk Identity Connector. The local user profile can be created for users who have never logged on to the CyberArk Identity Connector host. The profiles get created by the Directory Services API when the call for “ChangePassword” is triggered. The call is triggered when both of these conditions are met:
- User uses the self service password reset option from User Portal > Account tab.
- User has rights to “Logon Locally” to the connector host.
You can prevent the creation of local user profiles by following these procedures. These procedures will not delete the profiles already created; they only prevent the creation of more profiles.
To prevent the creation of local user profiles
Log in as an Administrator and open the Local Group Policy Editor by typing gpedit.msc in the Run box.
Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
Click Allow log on locally and remove "Users" and "Backup Operators".
Click Apply.
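To confirm the change took effect, the following added example (not CyberArk code) checks whether "Users" or "Backup Operators" still hold Allow log on locally and lists the user profiles already on the host. It assumes an elevated PowerShell session on the connector host and uses the Windows built-ins secedit and the Win32_UserProfile class.

```powershell
# Added example, not CyberArk code. Run elevated on the connector host.
# Well-known SIDs of the two groups the procedure removes.
$targets = @{ 'S-1-5-32-545' = 'Users'; 'S-1-5-32-551' = 'Backup Operators' }

# Export the user rights assignment currently configured on this host.
$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
if (-not (Test-Path $cfg)) { throw 'secedit export failed; run from an elevated prompt.' }
try {
    # SeInteractiveLogonRight is the privilege behind "Allow log on locally".
    $line = Get-Content -Path $cfg |
        Where-Object { $_ -match '^\s*SeInteractiveLogonRight\s*=' } |
        Select-Object -First 1
} finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

# Entries are comma-separated; SIDs carry a "*" prefix, plain names do not.
$holders = @()
if ($line) {
    $holders = @(($line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') } |
        Where-Object { $_ })
}

# Flag the groups that still hold the right, whether listed by SID or by name.
$remaining = @(foreach ($h in $holders) {
    if ($targets.ContainsKey($h)) { $targets[$h] }
    elseif ($targets.Values -contains $h) { $h }
})

if ($remaining.Count -gt 0) {
    Write-Warning ("Still allowed to log on locally: {0}" -f ($remaining -join ', '))
} else {
    Write-Output 'Users and Backup Operators do not hold "Allow log on locally".'
}

# Existing profiles are not deleted by the policy change; list them to size the cleanup.
Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special } |
    Sort-Object LastUseTime |
    Select-Object SID, LocalPath, LastUseTime
```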