Hardening of PMP SSL/TLS configuration
My site is in the process of hardening all of our services that require authentication. I upgraded our PMP install to version 8.1 (8101) and I configured it with a globally trusted certificate. I then ran a nmap scan against the install for the script ssl-enum-ciphers on the port 7272. Much to my surprise, it reported back that SSLv3 ciphers are turned on. The results were: PORT STATE SERVICE VERSION 7272/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1 | ssl-enum-ciphers: | SSLv3:
ssh.noscroll=true Option (vi command - edition mode) - Problems
Hi, I´m using the version of Password Manager Pro below: Version : 8.2.0 Build Number: 8200 When I use SSH Auto-Logon and need to edit some file with vi or vim, using the option ssh.noscroll=true configured I can go back to the initial line only if I use the directions key or page up/page down because the scroll is disabled difficulting administration (difficulting the display of the previous lines) and when I use ssh.noscroll=false for any key pressed the line goes to the end of file preventing
Scheduled task not updated and cannot be discovered when it is using a local account
Some of our servers have scheduled tasks running as the local admin password. I've added the server as a resource and I've added the local admin account as an account and verified that the password is in sync. If I select the account and click "scheduled task" PMP checks if any scheduled tasks are running using the account. it says there are no tasks running. There is a task scheduled on the server but when I reset the local admin password the scheduled task is not updated and fails. Am I doing
Automated import of resources
Is there a way to automate the importing of resources from Active Directory? Ideally we'd like to have PMP reach out to our AD on a scheduled basis and pull in any resources in a select OU.
Password Manager Pro - pmp_key.key
I would like to know, when PMP starts up and accesses pmp_key.key which is stored on a remote server as advised during setup. What are the credentials it is using to access this key [pmp-key.key] during startup. I know this key is used to secure the PWs & other sensitive info in the PW db. Can someone explain this process a little deeper to me. thanks
Bulk Configure Resource Fields
Is there any way to modify the contents of a field such as 'Location' for a whole group of resources?
Account targetted bulk reset
I am trying to configure resets for one administrator account that we have on all of our servers without effecting any other potential local administrator accounts. For example: we have an admin account called admin1 on all of our servers. I know I can create a resource group that will contain all systems containing the user admin1. But doing this if there is another local administrator account, admin2 for example, on the box it will also show up under the systems. So a bulk reset would hit both
Services to Monitor
I just started to work with PMP and would like to monitor this server. What services should I be monitoring & also what service should I monitor for the website, which right now is strictly internal. Should it be just http, or does java have to be monitored also. Also what about Postgres DB, I would like to monitor that. Thanks
Password Special Characters
Does anyone know what special characters Password Manager Pro accepts as valid characters? I have a website that only accepts @, $, !, * and the password policy is setup to only exclude certain special characters. It would be a nice feature to be able to set the policy the other way around and only accept these special characters.
Limit password access to resource groups by user group
Is it possible to setup a configuration so that members of certain user groups can only view the passwords of certain resource groups but not others?
Resource import - filtered by IU not working
I've just done a resource import using AD. 1. The documentation is incorrect how to do this has changed, It's now done using a button labelled 'Discover Resources' 2. You should be able to restrict import to a specific OU but when I did this it imports all computers into PMP 3. There does not appear to be a way of stopping the import once it starts 4. Now I have 1000s of computer objects I do not want in PMP It's not clear how to input an OU, logically it should be the full DN but there is a note
how to delete machine resources userID in a bulk
Is there a way we can delete the bulk userID under resource? Thanks,
Discovering Resources Issue
When setting up our system I went through and discovered all of our Windows devices so that the resources would be available to all Password Administrators. What I'm encountering is that the admins don't see the resources, and when they try to discover, or add manually, it states the resource already exists and they can't see it. In reverse testing I see the same thing when a Password Admin discovers a resource, the System Admin can't discover it. This can't be by design, I can't imagine that the
Version 8.1 to 8.2 Update Pack fails to install
I am running build 8102 on Windows Server 2012 R2, PostgreSQL database, and am unable to apply the update pack. I get the following message in the command window from where I launch the Update Manager: Error occurred :: Irrevertable exception occurred. I am logged into the server with an admin account, and launch the command window as administrator. The current installation appears to run OK, so it does not appear to have broken anything, it just fails to install.
Password Manager Stop Service
Hi, i'm having a problem when i try to start PMP services, after a few second of being started PMP Service is stopped. i've tried to install in others servers but the problem is the same. I attach the logs. Regards.
OS platform for installing PMP
Dear All Is it possible to install Password Manager Pro on RHEL 6.5 or later ? what about CentOS ? is there any difference between 32 and 64 architectures ? I'd really appreciate if you help me through this . Regards Fatemeh
password integrity reports false positive
Hi! I have 8200 installed on Linux. I use PMP to verify password integrity of multiple servers. I always have false positive in the report. Report will tell me that root or another user password in not good on server1. But password is fine. I have this problem since version 6800. Now at 8200 and still the same problem. One thing, the false positive are not always the same ressource. It can vary from day to day.
new installation on the same sever
Dear All I want to have a fresh installation(latest version of PMP) on new path with a new license file(Enterprise) on the same server as my previous installation was. and I want to restore backup data of 7104 version on my new installation. I am wondering what is the best solution for it. I would appreciate any help . Regards Fatemeh
Find resource group from resource name
Given a resource name, how do I find what resource group that resource belongs to ? When I perform a search on the resource name, the resource is returned with all of the information associated with that resource, but I don't see the resource group for that resource on the search results page. I know that I can go through each resource group and search for the resource, but that is very tedious given a large number of resource groups and resources in our environment. Basically, I'm looking for an
Upgrade from 6903 to 7000 fails
When upgrading a 6903 PMP running on CentOS from 6903 to 7000 the following error occurs. Installing unpack.bat 100% Could not start Postgres database, The port 2345 is in use. Trying to start PostgresSQL server failed Error Occurred File ./Patch/ppm.err Error occurred :: Irrevertable exception occurred Before the upgrade I veriefied the pmp service and postgressql whre stopped. Also netstat -an did not show port 2345 listening. ppm.err file only indicates to contact support team. Please advise.
PMP - Google Authenticator with old authenticator code
Hi, I an trying PMP with Google Authenticator. It is very nice and easy to use for admin and users. Great job! It will more better if user couldn't use old authenticator code to authen. Sample first time they use with authenticator code 035540 when 2 minute more they still can use that authenticator code to access console. Is there a way to fix this problem? Thanks a lot!
Changing the password expiry date on any of the interactive field without altering the password policy.
We have upgraded PMP to 8.2, required assistance on urgent basis to change the password expiry date on any of the interactive field without altering the password policy.
(0x424) Password Manager Pro Services
I cannot start PMP and I keep getting this message: he Password Manager Pro service is not installed - The specified service does not exist as an installed service. (0x424) Can anyone help with this. Thanks
How many resources can PMP manage
Hi I am looking for an enterprise solution that must be fit for purpose to manage 5000-10000 endpoints. For instance we would like to manage all local admin passwords for all our Windows 7 and Windows Server 2008 machines within our global organisation. Is this tool the right tool and how does it compare to the SANS based powershell scripting method to do same. we would then look to expand to other resources i.e. SQL db, network devices etc thanks in advance
Security Questions Regarding PMP build 6900
Hi, I've received the results of a recent security scan in my environment and it is reported that PMP on port 7272 has Weak and Medium SSL cipher suites supported. Is there way to disable these so as to use only strong/high cipher suites? The same scan reports port 7273 supports directory transversal and insecure TLS renegotiation. Is this port required for anything and if not how can I disable it? If it is required is there a way to disable the above mentioned support? Thanks
HA sync along with Live Backup
Dear all did anybody implemented both 1) the HA sync along with 2) the live backup with PostgresSQL? I'm using 8.2. The documentation is not clear if this can be done. About the Live Backup, it mention the mysql configuration, and I guess it's the same for PostgresSQL. Thanks for your help Best regards stefano
Unable to add account after upgrade to 8.2 (Build 8200)
I am not able to add account to any resources after the upgrade PMP is throwing an error: <div part="REPONSE_STATUS" class="hide">__ERROR__</div>
<div part="STATUS_MESSAGE" class='hide'><table border=1><tr><td><b>Cisco Accounts - <\/b><\/td><td>1<\/td><\/tr><\/table></div> Regards Max
AS400 Password Verify & Reset not working after Upgrading to build 8102
Greeting ManageEngine, We where running on build 7105 and recently upgraded to build 8102 for the security reasons. Then, we realised that Password Verify operations are no longer working after the upgrade, for resource type IBM AS400. The operation returns the result "Password not in sync", even though with the same password stored in PMP you can manage to successfully login to the actual resource (telnet via Auto Logon Helper, or manually). As for the Remote Password Reset operations for AS400,
Upgrade problem
Hello, Im trying to upgrade from 6.7 to 6.8. But the upgrade fails, can anyone point in in a direction on where I can see more output on what can be wrong? The file ppm.err only tells me "Some exception occurred during previous patch installation / uninstallation. Please contact support team." See below. /opt/PMP/bin# ./UpdateManager.sh -c -h /opt/PMP/ Press i to Install v to View installed ServicePack versions e to Exit Choose an Option:i Enter the patch file to install:/opt/ManageEngine_PasswordManager_Pro_6700_6701_6800_6801_to_6802.ppm
moving from 32-bit linux to 64-bit Linux...
I have an existing PMP install on a 32-bit version of Linux using postgresql as the backend. I've now re-installed the 64-bit version of PMP on a 64-bit Linux server and would like to migrate the database over. So far, I've had no success. I was able to save an offline backup of the existing database and copy this file over to the new server. However, every time I try to do a restoreDB, I get errors relating to problems with connecting to the new database. I've tried running the restoreDB with
How to configure PasswordManager Pro 7.0 to not use SSL3 (POODLE attack)?
Our PasswordManager Pro 7.0 application installation flunks the POODLE vulnerability test (successfully handshakes with SSL3 protocol). I used the: openssl s_client -state -nbio -no_ign_eof -connect <host>:443 -ssl3 test to validate that SSL3 handshake was successfully negotiated: openssl s_client -state -nbio -no_ign_eof -connect <server>:443 -ssl3 Loading 'screen' into random state - done CONNECTED(00000134) turning on non blocking io SSL_connect:before/connect initialization SSL_connect:SSLv3
difficult to edit file used VI command
Dear Team, It is very difficult to edit file used VI command. After open the file , scroll jump to down of the desktop
Controlling the import of resources from AD
When adding Windows resources using PMP discovery it brings in all of the local user accounts. There does not appear to be any way of controlling which accounts are imported. It imports the guest account which is disabled. This means when we check the passwords are in sync this cannot be verified which means I get a failure audit point for every Windows resource in the system. Yes I can edit the resource once it's imported but then on the next sync the guest account is added back in! Ideally
Domain controller offline. How to change
Hi We have DC (which set in PMP) is offline So, we can't login to PMP. How to change DC without login to PMP? Local account lost. BR Dmitry (Same for DeskCentral)
PMP 8.2.0 - Problem to add a new account on Resource
Hi team! After the upgrade to PMP 8.2.0 if I try to add a new account on an existing Resource I receive the error attached. But if I create a new resource with multiple accounts the error do not occurs.
Built-in admin account password complexity
Is the built-in admin account really limited to an 8-character password? It seems a bit strange that the software to which we might entrust the security of all our passwords would itself be limited to using a weak password.
Edit Password Policy hangs
Hello, I am trying to edit the password policy on a custom policy I've created. When trying to add characters to the "Characters not allowed" field it seems to hang when I try to save the policy using certain characters (<>: for example). Are certain characters not allowed in this field?
Verify Password Unreliable
The verify password function is proving to be incredibly un reliable. It works one minute and then it doesn't work. It will work for some account in a resource and not for others. This is becoming quite frustrating. I'm trying to document how our password admins should be adding resources, testing and resetting passwords and one minute it is fine and everything works then randomly it stops. For example I added a windows resource and the local administrator account and force a password reset
Linux resource discovery...
I'm just starting to work with PMP, but I'm scratching my head over this: PMP uses TELNET as the remote connection mode to discover the Linux/Unix type of devices.We have hundreds of Linux workstations and servers, but not ONE of them is running a telnet server or allowing access on port 23. I can't imagine that any security conscious sysadmin anywhere *would* allow telnet access to servers. so how exactly is this discovery supposed to work? Unless I'm missing something, it seems like this "discovery"
PMP - Google Authenticator reset function
Hi, I an trying PMP with Google Authenticator. It is very nice and easy to use for admin and users. Great job! On login page there is a link "Have trouble using Google Authenticator ?" which let user to reset the Google Authenticator in case user lost a phone. However, it is a security hole for hackers which already stolen user's password if user's email is not two-step protected. Is there a way to let the super admin to handle the reset manually? If not, can I simply disable the link, just re-enable
Next Page