[HELP] Is there a way to clear jobs in the AMS scheduler?

[c3rberus]

Is there a way to clear jobs in the AMS scheduler?

I am in the process of configuring Lithnet in our environment, using it for privileged role JIT with the AMS scheduler (optional PAM feature is not enabled in the domain).

If I run into an issue like email notifications not working, and the roles configured to roll-back if no audit is created, then attempt to request JIT role, we get this:

Quartz.JobPersistenceException: Couldn't store job: Unable to store Job: 'JitAccessScheduler.job-S-1-5-21-2101611859-535772942-452798024-20411-S-1-5-21-2101611859-535772942-452798024-16698', because one already exists with this identification.

The events that led up to this are...

Delivery of audit notification to 20fc9f1b-10ad-475c-a8fb-fc3675cae622 failed
System.Net.Mail.SmtpException: Failure sending mail.

The notification channel 'smtp' failed to process the audit message
Lithnet.AccessManager.Server.Exceptions.AuditLogFailureException: One or more errors occurred. (Failure sending mail.

Rolling back JIT access for user XXXXXX\user.admin to target '137e0cbf-b0f5-4d02-9e50-83d15758bb5d' due to an exception in the audit process

Sounds like the "rolling back JIT access" does not clear the AMS scheduler job, so if user tries to request access again, it does not work.

Is there a way to clear the JitAccessScheduler?

[ryannewington]

Thanks for reporting this @c3rberus

You can list and remove JIT scheduler jobs with PowerShell

https://docs.lithnet.io/ams/help-and-support/powershellmodule/remove-amsjitschedulerjob

We'll address the underlying issue in a future version update.

[c3rberus]

Perfect, thank you!

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.