Skip to main content

Team, we deployed a new Password Safe install and just added a Linux server manually as the first managed system. When testing the fucntional account or rotating the managed account password, we are getting the error below:

 

2025-01-13 18:07:49.121 +00:00 Debug] (23) (85f1e494-7492-4a55-9a66-9db07cb54c3e) api/ps/forms/functional-accounts/FormDefinition/PerformAction/{id} PerformAction -1-  An unexpected error has occurred
BeyondTrust.Webconsole.ApiExceptions.BadRequestException: Verify Functional Account credentials action.
Error: client credentials config not found

Plugin: Name=SSH, Id=22e4a4e1-3f85-4037-a567-a9b7a0d7179b, Version=3.8.1.0, Publisher=BeyondTrust
   at BeyondTrust.WebConsole.PasswordSafe.Plugin.Services.Services.Forms.FunctionalAccount.BaseFunctionalAccountFormService.<>c__DisplayClass47_0.<AddCredentialSectionFields>b__8()
   at BeyondTrust.BeyondInsight.WebConsole.Service.DynamicForm.Service.BaseFormService`2.PerformAction(FormDefinition formDefinition, String uniqueName)
   at BeyondTrust.WebConsole.PasswordSafe.Plugin.Api.Controllers.FunctionalAccountFormController.PerformAction(FormDefinition form, String id)
   at lambda_method(Closure , Object , Objectt] )
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass6_2.<GetExecutor>b__2(Object instance, Objecta] methodParameters)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---

 

 

Anyone has already seen this before?

 

thanks

check to verify that the functional account is on the linux servers? is this an AD functional account? if it is then what are you using to connect you linux servers to AD? AD bridge? if not it need to be a local account on the servers and have sudo access?

there is a good guide in the documentation telling you how to set up the functional accounts for linux/unix.

 

Its a local account on the target linux server which has root privileges. Not joined to an AD domain. I also tried with a regular user who has sudo rights on the box, same error. Putty.exe from the host where password safe is installed to the target linux server works well, so no communication/ports issues.

 

I have installed other systems in the past and never had this issue before.

 

The error message in the log doesn’t provide too much details to what could be the cause of the issue. I saw a KB article asking to check if the hostname that is being used in the BI configuration is aligned to what is present in a configuration file (IdentityURL) and it is the same.

Error: client credentials config not found   - try recreating the functional account

Reply


Badge Earners

  • BCIE: Endpoint Privilege Management - Windows
    Nikhil Raohas earned the badge BCIE: Endpoint Privilege Management - Windows
  • BCIE: Password Safe
    Nikhil Raohas earned the badge BCIE: Password Safe
  • BCA: Password Safe
    Zubairhas earned the badge BCA: Password Safe
  • BCIE: Remote Support
    1000Wasserhas earned the badge BCIE: Remote Support
  • BCIE: Privileged Remote Access
    rrueschXalienthas earned the badge BCIE: Privileged Remote Access
Show all badges
Terms & ConditionsCookie settings