synchronizerConjurHost.xml file not getting created on installing Vault Conjur Synchronizer

Secrets Management - Conjur, Secrets Hub & CP Conjur Enterprise
1

Hi,
I just installed the synchronizer and the installation completed successfully (no errors in logs as well). However, to retrieve the credentials and then onboard the account in Vault, I am unable to find the file synchronizerConjurHost.xml anywhere in the directory.

I am using ‘Vault Conjur Synchronizer-Rls-v10.6’

Tried un-installing and re-installing using administrator account on the server, still gives the same issue. Please help.

2

Hi!
Please look at the directory you ran installation script from.

https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Conjur/cv_VaultIntegration_installation.htm?TocPath=Integrations|CyberArk%20Vault%20Synchronizer|_____2#Installationlogs

Notice in our documentation we mention two main directories:

  • /Logs/Installation.log
  • /Installation.log

synchronizerConjurHost.xml should be located at Installation package directory

Thanks,
Dvir

3

Hi Divr,
I did check the entire folder, there is no such file. I have attached the installation log file. There is a line in the powershell script “WriteOutput -Message “Wrote Synchronizer Conjur host credentials to $conjurHostCredFileOutputPath”” , I don’t see it in the installation.log output file or on the powershell window where I executed the script.

Thanks,
Anit

PlInstallation.log.txt (3.1 KB)

4

Hi Anit,
Lets try those steps:

  1. Please verify again that the directory you are searchinng for the file is not the target path: C:\Program Files\CyberArk\Synchronizer
  2. In Conjur UI, look in the hosts section, is there one already present?
  3. Run the creation of file manually - maybe the directory you run installation from dose not allow file creation.
    $credentials = New-Object System.Management.Automation.PSCredential -ArgumentList “username”,“secret”
    $credentials | Export-Clixml
    Those code line are from instllation script with adjustments.

For last resort, uninstall synchronizer service, delete directories and files, spin up an empty Conjur container, unpack synchronizer archive into “temp” directory and try to run instllation again.

*Advanced debugging could wrap CreateConjurHostAndPolicy() method with try catch

Thanks,
Dvir

5

Hi,

  1. Checked the folder, the xml file is not here. Searched entire drive.
  2. In Conju UI, yes, the host exists, created when I first ran the script
  3. I’m able to run this and it creates an xml file, don’t know why the installer is unable to create the file.

Thanks,
Anit

6

Hi,
If hosts already exists install skip that step.
Can you run it on a clean Conjur?

7

Alternatively, the only reason we need this XML file is so you can get the values necessary to onboard the object in the ConjurSync safe. Since you can see the host in the UI, we have that. So when you create the object in the ConjurSync safe through the PVWA, the username will be host/Sync_<your host here>. Second, to get the API key, login in to the Conjur CLI as the user admin, then run conjur host rotate_api_key -h Sync_<your host here>. The new API key value will be returned, and this will go in the password field of the object in the ConjurSync safe. Note: The host name is case sensitive, please ensure you are using the case as displayed for this host in the DAP UI. HTH!

Regards,
Nate

1 Like