Revert the CyberArk integration
If you have configured DPA to use credentials stored in CyberArk, complete the following steps if you need to revert the integration and have DPA manage the credentials instead.
- Delete all the CyberArk-related certificates from the DPA trust store.
- Change the credential provider type:
Open the following file in a text editor:
DPA-install-dir\iwc\tomcat\ignite_config\idc\system.properties
Change the value of the following properties (if they exist) from
CYBERARK_REMOTE
toDPA
, and save the file:com.solarwinds.dpa.credentials.provider.type=DPA
com.solarwinds.dpa.credentials.provider.type.database=DPA
com.solarwinds.dpa.credentials.provider.type.repository=DPA
com.solarwinds.dpa.credentials.provider.type.vsphere=DPA
com.solarwinds.dpa.credentials.provider.type.mail=DPA
com.solarwinds.dpa.credentials.provider.type.ldap=DPA
-
Remove the keystore containing the CyberArk client certificate. The location of the keystore is in the following file:
DPA-install-dir\iwc\tomcat\ignite_config\idc\cyberark.properties
- Delete the
cyberark.properties
file. -
After the restart, DPA wizards and other interfaces display fields for credentials instead of the CyberArk credentials query.
- For each monitored database instance, use the Update Connection Wizard to enter the user name and password for the DPA monitoring user.
- For each monitored VMware ESX/ESXi Host or vCenter Server, open the Update VMware Connection page and update the credentials.
- To stop using CyberArk credentials for the DPA repository database:
Open the following file in a text editor:
DPA-install-dir\iwc\tomcat\ignite_config\idc\repo.properties
Remove the line that starts with
repo.cyberarkQuery
,Add or uncomment the
repo.user
andrepo.password
properties.Save the file.
Restart DPA for the changes to take effect.
-
If DPA uses your company's mail server to send email, update the user name and password required to access the mail server.
If DPA uses the default mail server or the embedded mail server, no changes are needed.
- If DPA is configured to use AD or LDAP user authentication, use the Configure AD/LDAP wizard to update the user name and password that DPA uses to query the directory for users and groups. Then restart DPA for the changes to take effect.