MID Server CyberArk AppProviderUser.cred file missing

Jeff WelchBAE
Tera Expert

We have had CyberArk configured on our MIDs for a couple of years now, but recently one of our MIDs stopped communicating with CyberArk. The Application Password Provider service had stopped, and when restarted, it immediately stops.

 

The AppConsole.log shows entries where "APPAP037E Application Password Provider has been terminated" along with "APPAP107E Failed to get user identifier from credential file" (AppProviderUser.cred)  

 

Upon research, it appears our AppProviderUser.cred is missing and there is one in the vault directory labeled as AppProviderUser.cred.old.  The .old file is empty.   

 

As admin, I launched a cmd prompt, ran CreateCredFile.exe and entered my parameters - it appears to accept them, but no new AppProviderUser.cred has appeared. The CyberArk documentation is not really clear. Only one of our many MIDs is having this issue.

 

Does anyone have any insight on this issue?

1 ACCEPTED SOLUTION

Harisharan
Tera Guru

We ran into a similar issue for some of our MIDServers last week. It's a two-step solution where the CyberArk team had to first recreate the CredFiles by doing an authentication password reset for the Provider host in PrivateArk. After this, use the CreateCredFile utility to create a new credential file on the MIDServer (it has to be executed from the CyberArk\ApplicationPasswordProvider\Vault folder), after which the service will come up.

 

Sharing some related documentation.

APPAP107E Failed to get user identifier from cred file <cred file> (Error: <error>)

Recommended Action:

This message appears due to any of the following reasons:

  • The Credential Provider’s user credential file does not exist.
  • The provider lacks the proper read permissions on the credential file.
  • The credential file was corrupted.
  • The OS user restriction in the credential file contains a different OS user from the OS user that runs the Provider application.

Do the following:

  1. Create the credential file in the required path.
  2. Make sure that the provider has the proper read permissions on the credential file.
  3. Recreate the credential file with proper information.
  4. Check that the OS user that is written in the credential file is the OS user that runs the Provider application.

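The APPAP107E causes listed in the answer above can be checked on the affected MID Server before the credential file is recreated. The script below is an added example, not part of the original thread or of CyberArk's tooling; it only reads state. The Vault folder path is passed in by the operator, and the service display-name pattern is an assumption to adjust if the service is named differently on your host.

```powershell
# Added example: read-only diagnostics; makes no changes to the file or the service.
param(
    # Assumption: full path of the ...\CyberArk\ApplicationPasswordProvider\Vault folder on this host.
    [Parameter(Mandatory)] [string] $VaultDir,
    [string] $CredFileName = 'AppProviderUser.cred',
    # Assumption: the Provider service is located by display name; adjust the pattern if needed.
    [string] $ServiceDisplayName = '*Application Password Provider*'
)

# Account that runs the Provider. Cause 4 compares it with the OS user restriction in the file.
$svc = Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like $ServiceDisplayName } | Select-Object -First 1
if (-not $svc) { Write-Warning "No service matches '$ServiceDisplayName'." }
$state   = if ($svc) { $svc.State } else { $null }
$account = if ($svc) { $svc.StartName } else { $null }
# File ACLs list the LocalSystem account under this name.
if ($account -eq 'LocalSystem') { $account = 'NT AUTHORITY\SYSTEM' }

# Causes 1 and 3: list every *.cred* file so a missing or zero-byte file (or a leftover .old) stands out.
Get-ChildItem -LiteralPath $VaultDir -Filter '*.cred*' -File |
    Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

$credPath = Join-Path $VaultDir $CredFileName
$report = [ordered]@{
    CredFile       = $credPath
    Exists         = $false
    SizeBytes      = 0
    ServiceState   = $state
    ServiceAccount = $account
    ReadAclEntries = @()
}
if (Test-Path -LiteralPath $credPath -PathType Leaf) {
    $report.Exists    = $true
    $report.SizeBytes = (Get-Item -LiteralPath $credPath).Length
    # Cause 2: show the Allow/Deny entries that cover Read, to compare against the service account.
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $report.ReadAclEntries = (Get-Acl -LiteralPath $credPath).Access |
        Where-Object { ($_.FileSystemRights -band $read) -eq $read } |
        ForEach-Object { '{0}: {1}' -f $_.AccessControlType, $_.IdentityReference }
}
[pscustomobject]$report | Format-List

if (-not $report.Exists -or $report.SizeBytes -eq 0) {
    Write-Warning 'Credential file is missing or empty; recreate it as described in the answer above.'
}
```

The ACL listing shows direct entries only; access granted through group membership still has to be compared against the service account by hand.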