I’m currently configuring Just-in-Time (JIT) access in my lab environment However, I’m encountering an issue with the following error:“Error provision Credentials.”
Could you please guide me on how the template should be structured to correctly create and delete a user for Windows Server access and other forms?
Hello, Jean Paul Mansour
Thank you for reaching out!
To assist you effectively with the “Error provisioning Credentials” message during your Just-in-Time (JIT) configuration, we recommend opening a support ticket through our official platform. Please include the following:
Providing these details will help our technical team analyze the issue more accurately and guide you through the appropriate adjustments.
Plataform: https://support.senhasegura.com
Best regards.
Hi Jade,
What I did is:
Configured a template for creating and deleting:
A.In Template
1-Create a user over Windows RM as the executor and the execution Type: New user.
With the below content:
!unsecure
powershell New-ADUser -SamAccountName [username#] -Name “[username#]” -AccountPassword (ConvertTo-SecureString -AsPlainText “[#NEW_PASSWORD#]” -Force) -Enabled $true -Path ‘CN=Users,DC=test,DC=local’
2-Delete a user over Windows RM as the executor and the execution Type: User Delete.
Content:
!unsecure
powershell Remove-ADUser -Identity “[username#]” -Confirm:$false
B. In the credentials:
I created a Domain user (already found on the Windows server, I set its username and password in the credentials ) and in the template, I set the TYPE: Credential creation and deletion. and I attached the template created with Windows RM as a plugin.
C. In the device:
I added the Windows RM in the connector, and in addition, I ensured that the WinRM is running on the device and everything is connected.
When I Launch the RDP, it fails with the below
In the executions–>List Operations:
i have the below error
Template: Windows RM - CrearteADUser Version: 4
Start: 05/08/2025 21:51:05 End: 05/08/2025 21:52:18 Error: Yes
Error: /usr/lib/ruby/vendor_ruby/httpclient/session.rb:805:in `gets’: execution expired (HTTPClient::ReceiveTimeoutError)
New-ADUser -SamAccountName senseg57975374 -Name “senseg57975374” -AccountPassword (ConvertTo-SecureString -AsPlainText “**********” -Force) -Enabled $true -Path ‘CN=Users,DC=test,DC=local’ /usr/lib/ruby/vendor_ruby/httpclient/session.rb:805:in gets': execution expired (HTTPClient::ReceiveTimeoutError) from /usr/lib/ruby/vendor_ruby/httpclient/session.rb:805:in block in parse_header’ from /usr/lib/ruby/2.7.0/timeout.rb:105:in timeout' from /usr/lib/ruby/vendor_ruby/httpclient/session.rb:801:in parse_header’ from /usr/lib/ruby/vendor_ruby/httpclient/session.rb:784:in read_header' from /usr/lib/ruby/vendor_ruby/httpclient/session.rb:561:in get_header’ from /usr/lib/ruby/vendor_ruby/httpclient.rb:1299:in do_get_header' from /usr/lib/ruby/vendor_ruby/httpclient.rb:1245:in do_get_block’ from /usr/lib/ruby/vendor_ruby/httpclient.rb:1019:in block in do_request' from /usr/lib/ruby/vendor_ruby/httpclient.rb:1133:in protect_keep_alive_disconnected’ from /usr/lib/ruby/vendor_ruby/httpclient.rb:1014:in do_request' from /usr/lib/ruby/vendor_ruby/httpclient.rb:856:in request’ from /usr/lib/ruby/vendor_ruby/httpclient.rb:765:in post' from /usr/lib/ruby/vendor_ruby/winrm/http/transport.rb:228:in init_auth’ from /usr/lib/ruby/vendor_ruby/winrm/http/transport.rb:170:in send_request' from /usr/lib/ruby/vendor_ruby/winrm/winrm_service.rb:492:in send_message’ from /usr/lib/ruby/vendor_ruby/winrm/winrm_service.rb:393:in run_wql' from /usr/lib/ruby/vendor_ruby/winrm/command_executor.rb:190:in os_version’ from /usr/lib/ruby/vendor_ruby/winrm/command_executor.rb:149:in code_page' from /usr/lib/ruby/vendor_ruby/winrm/command_executor.rb:72:in block in open’ from /usr/lib/ruby/vendor_ruby/winrm/command_executor.rb:222:in retryable' from /usr/lib/ruby/vendor_ruby/winrm/command_executor.rb:71:in open’ from /usr/lib/ruby/vendor_ruby/winrm/winrm_service.rb:359:in create_executor' from /opt/winpowershell.rb:88:in ’
Hello Jean Paul Mansour,
Thank you for sharing the details of your configuration — this helps a lot in understanding the scenario.
PAM already has predefined models (templates) for creating and deleting users using LDAP and Windows RPC, which are widely tested and recommended for this type of operation.
In your case, since a ticket has already been opened with support, we suggest you continue there, as the team will be able to analyze your environment and the logs presented in more depth, in addition to providing guidance, if necessary, on adapting the template used for your specific scenario.
If you need anything else, we are at your disposal!
Best regards.