Query regarding using secure port (5986) and prerequisites for connecting to target Windows from Sav

Pooja
New Contributor II

Hi,

We have a restriction on using an unsecure port 5985 to establish a connection to a target Windows onprem system from Saviynt. Therefore, we are planning to use port 5986 for the connection. We would like to know the prerequisites that need to be completed on the target Windows system if we want to use port 5986.

Also, do we need to use the local Windows SSL certificate, or is the RootCA certification sufficient?

Additionally, if we are using the secure port, will there be any issues with the Just-In-Time access method or any other access methods?

We have referred to the following Saviynt documents for guidance:

A. Saviynt Documentation (saviyntcloud.com)
B. 14.  FAQ (saviyntcloud.com) 

However, we found some conflicting information. Document A recommends using the secure port, while Document B mentions that executing PowerShell commands from non-Windows servers over SSL is not supported due to Microsoft's limitations.

Could you please provide us with the necessary information and clarify our doubts?

 

Thanks


NageshK
Saviynt Employee

@Pooja Thanks for posting your question. Are the Windows onprem servers you are trying to onboard joined to a domain? If yes, port 5986 will not be supported. This is what point 14 in Document B is calling out.

Thanks

Nagesh K

Nishanth
New Contributor III

Hi @NageshP - Does the onprem domain-joined Windows machine work on the secured port 5986 using local master accounts instead of domain master accounts in the Windows connector?

Alternatively, is there any workaround to use port 5986 for domain-joined onprem Windows machines?

NageshK
Saviynt Employee

@Nishanth I have consulted on this question internally and I got confirmation that by using a local account you should be able to use 5986 for a domain-joined Windows machine. Please go ahead and validate it for one machine.

Thanks,

Nagesh K