TRC login with AD credentials

(imported topic written by JanStraarup)

Hi

I am setting up TRC in p2p mode but am having an issue.

When I set the CheckUserGroup to my domain administrators I get an error "the target has refused the session".

It is working fine with the builtin\administrators group, but only with local accounts.

I can’t seem to find documentation that says if what I am trying is possible or not.

Regards Jan

(imported comment written by jgstew)

I don’t have experience using TRC with AD creds.

If you are using v9+ of BigFix / IEM, then you could create a local admin on the endpoint, set its password using a secure parameter, then delete it or otherwise maintain it.

See a set password example using secure parameters here:

Win:
http://bigfix.me/fixlet/details/3670

Mac:
http://bigfix.me/fixlet/details/3671

The secure parameter uses client mailboxing and encryption. The password is entered into the console, encrypted, then sent to the endpoint so that only the endpoint can decrypt it.

(imported comment written by JoseManuelGomez)

Hi Jan,

Authenticating P2P sessions with AD credentials is supported and should work, but there is a limitation as you say with Builtin\Administrator in that it only works with local accounts in the system.

I think it would be best to open a PMR and go through the official support process to troubleshoot this issue. Please include in the PMR submission a target log showing the login failure. Here is how to get target logs enabled:
http://www-01.ibm.com/support/docview.wss?uid=swg21640296