9/10/2010 6:09:18 AM
 Nick D Posts: 58
What exactly is the heartbeat process doing when heartbeating an account in Active Directory? There is some concern over how, if we have heartbeating set to short durations on thousands of secrets, this will impact Active Directory.
9/10/2010 9:48:07 AM
 David Posts: 81
When a heartbeat is performed on an Active Directory secret, it uses an LDAP query to authenticate that account. If the authentication fails, then it will no longer try to run the heartbeat until it is changed in Secret Server (or the run heartbeat button is pressed) to prevent locking out the account. The heartbeats are run serially instead of concurrently, so your Active Directory won't be pelted with thousands of LDAP queries at the same time.
11/12/2010 2:15:21 AM
 Peter C Posts: 16
What is the mechanism for Windows local accounts? What ports do we need for our DMZ servers?
11/12/2010 9:00:53 AM
 Jacob S Posts: 26
Hello,
The following two ports are needed for Windows RPC and Heartbeat, depending on the operating system and how the computers are set up:
Windows Kerberos (441)
Windows NTLM (2640)
However, we would recommend installing a Secret Server Agent on a DMZ server, which would allow you to choose the port through which the Agent communicates with Secret Server across the firewall, and you would not have to open either of the ports above.
11/15/2010 6:03:25 AM
 Peter C Posts: 16
Hello Jacob, thank you for the quick answer.
Now the next question: are the connections initiated by Secret Server or by the Agent? I suppose Secret Server initiates the connection, correct?
I ask because the Agent would not be allowed to access ports in the inner network; only connections from the inside out are allowed by our firewall policy.
Thank you!
Kind regards, Peter Cermak
11/16/2010 8:30:56 AM
 Scott Posts: 45
Peter,
The Agent initiates the connection. It is most useful for environments where admins have control over opening ports on their own networks, but do not have control over the ports in the external networks. Thus, the Agent would call back to Secret Server through ports the admin would enable.
It looks as though this would not be helpful to you. You would be better off opening the ports discussed earlier on the DMZ servers.
Thank you for your questions,
Scott
Thycotic Support