CyberArk PAS
      Back to home
      1. Knowledge Base
      2. Identity Security
      3. CyberArk PAS

      PVWA – How can I create or update the credential files (credfile) for the PVWA manually? VERSION 12.1.1 and above ONLY

      How can I create or update the credential files (credfile) for the PVWA manually? (12.1.1 and above ONLY)

      1. On the PVWA Server, stop IIS

      IISStop.jpg
       

      2. Logon to PrivateArk Client as “Administrator” or any other user with “Manage Users” privileges in the root location.

      PAClient.jpg

      3. Go to Menu “Tools-Administrative Tools-Users and Groups”

      PAClient4.jpg

      4. Select “PVWAAppUser” and click “Update”. (Note: Make sure you select the right PVWAAppUser. Be careful if you have more than one PVWAAppUser, e.g. PVWAAppUser1 and select the correct one by checking C:\CyberArk\Password Vault Web Access\credfiles > appuser.ini and gwuser.ini!)

      PAClient3.jpg

      5. In the “Authentication Tab” specify a new, random password in the “Password” field, repeat it and click “OK”.

      PVWAU1.jpg

      6. Click "Trusted Net Areas" button and make sure "State" is set to "Active". If it is set to "Inactive" click "Activate" to change the state to active. Remember / write down the password set as it will be needed in a later step.

      PVWAU2.jpg

      7. Select “PVWAGWUser” and click “Update”.
      (Note: Make sure you select the right PVWAGWUser. Be careful if you have more than one PVWAGWUser, e.g. PVWAGWUser1 and select the correct one!)

      PVWAU3.jpg

      8. In the “Authentication Tab” specify a new, random password in the “Password” field, repeat it and click “OK”.

      PVWAU4.jpg

      9. Click "Trusted Net Areas" button and make sure "State" is set to "Active". If it is set to "Inactive" click "Activate" to change the state to active. Remember / write down the password set as it will be needed in a later step.

      PVWAU5.jpg

      10. On the PVWA Server, open an administrative command line and go to “C:\CyberArk\Password Vault Web Access\Env”.

      CMD1.jpg

      11. Run “CreateCredFile.exe appuser.ini Password /Username PVWAAppUser /Password {password} /AppType PVWAApp /ExePath "c:\windows\system32\inetsrv\w3wp.exe" /EntropyFile /DPAPIMachineProtection​"

      PVWAC1.jpg

      12. Run “CreateCredFile.exe gwuser.ini Password /Username PVWAGWUser /Password {password} /AppType PVWA /ExePath "c:\windows\system32\inetsrv\w3wp.exe" /EntropyFile /DPAPIMachineProtection"

      PVWAC12jpg.jpg

      13. Move the newly created CredFiles and EntropyFiles to “C:\CyberArk\Password Vault Web Access\CredFiles”

      PVWACopy.JPG

      14. Start IIS (and its dependent services) on the PVWA machine.

      IISStart.jpg

      15. Make sure you can access the PVWA using your web browser.

      StartPage.jpg