Closed c3rberus closed 11 months ago
ryannewington
commented
1 year ago Thanks for reporting this @c3rberus
You can list and remove JIT scheduler jobs with PowerShell
https://docs.lithnet.io/ams/help-and-support/powershellmodule/remove-amsjitschedulerjob
We'll address the underlying issue in a future version update.
c3rberus
commented
1 year ago Perfect, thank you!
stale[bot]
commented
11 months ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.
Is there a way to clear jobs in the AMS scheduler?
I am in the process of configuring Lithnet in our environment, using it for privileged role JIT with the AMS scheduler (optional PAM feature is not enabled in the domain).
If I run into an issue like email notifications not working, and the roles configured to roll-back if no audit is created, then attempt to request JIT role, we get this:
Quartz.JobPersistenceException: Couldn't store job: Unable to store Job: 'JitAccessScheduler.job-S-1-5-21-2101611859-535772942-452798024-20411-S-1-5-21-2101611859-535772942-452798024-16698', because one already exists with this identification.
The events that led up to this are...
Delivery of audit notification to 20fc9f1b-10ad-475c-a8fb-fc3675cae622 failed System.Net.Mail.SmtpException: Failure sending mail.
The notification channel 'smtp' failed to process the audit message Lithnet.AccessManager.Server.Exceptions.AuditLogFailureException: One or more errors occurred. (Failure sending mail.
Rolling back JIT access for user XXXXXX\user.admin to target '137e0cbf-b0f5-4d02-9e50-83d15758bb5d' due to an exception in the audit process
Sounds like the "rolling back JIT access" does not clear the AMS scheduler job, so if user tries to request access again, it does not work.
Is there a way to clear the JitAccessScheduler?