How to troubleshoot issues with credentials

This article describes common credential-related issues in Cayosoft Guardian and explains how to resolve them.

Fix credentials that are not assigned to any managed system

If a credential record is no longer used by any managed system, remove it to avoid confusion.

1. Go to Configuration > Credentials.
2. Select the unused credential record by Account name.
3. Click Delete.
4. Confirm the deletion.

Fix incorrect credentials for Cloud Services

If credentials used by a Cloud Service are incorrect, expired, or no longer supported, the Cloud Service cannot authenticate successfully.

A Cloud Service cannot be deleted if it is referenced by Forest Recovery sites, backup locations, or temporary storages. In that case, Guardian displays an error indicating that the managed subscription cannot be deleted because it is referenced by other objects.

When this happens, do not delete the Cloud Service. Update the credentials by using the appropriate procedure below.

Update credentials for an Azure Cloud Service

Use this procedure if:

• the Azure subscription was added in an earlier version of Cayosoft Guardian by using legacy user-account credentials
• the Azure subscription already uses Entra Application account credentials and needs to be refreshed or updated
• you need to revalidate Azure access after a credential-related failure

1. Go to Forest Recovery > Cloud Services.
2. Click Add Azure subscription.
3. Sign in with an Azure account that can grant the required permissions.
4. Select the Azure subscription that you want to add or update.
5. Complete the wizard.

When the wizard completes, Cayosoft Guardian handles the Azure subscription based on its current state:

• If the subscription is new, Guardian adds it by using Entra application account credentials.
• If the subscription is already registered and still uses legacy user-account credentials, Cayosoft Guardian updates it to use Entra application account credentials.
• If the subscription is already registered and already uses Entra application account credentials, Cayosoft Guardian updates the existing configuration in the same way as the Grant access action.

During the update, Cayosoft Guardian also updates related Azure references, including:

• the Azure Cloud Service record
• associated backup locations
• temporary Azure locations used by recovery sites

Cayosoft Guardian also refreshes the certificate when applicable, grants the required Azure permissions and API roles, and validates access to Azure resources.

When you run Add Azure subscription for an already registered Azure subscription, Cayosoft Guardian no longer displays the already exists error if the goal is to update the existing subscription credentials.

Update credentials for an AWS Cloud Service

If the credentials for an AWS Cloud Service are no longer valid, update them as follows:

1. Go to Forest Recovery > Cloud Services.
2. Select the AWS Cloud Service.
3. Click Properties.
4. Under Credentials, click the edit icon.
5. Click Grant access.
6. Provide the updated Access Key ID and Secret Access Key.
7. Complete the wizard.

When the wizard finishes, Cayosoft Guardian updates the stored AWS credentials and validates access to AWS resources.

Fix credentials used by a managed system

If a managed system such as an AD domain, SQL Server, or Azure tenant cannot authenticate, update the assigned credential record.

1. Go to Configuration > Credentials.
2. Locate the credential used by the managed system.
3. Double-click the credential to open its properties.
4. Re-enter the password, secret, or key as required.
5. Save the changes.

Cayosoft Guardian applies the updated credentials to all managed systems that use that credential record.

If authentication still fails after updating the credentials:

• verify that the correct credential record is assigned to the affected managed system or Cloud Service
• verify that the account still has the required permissions in the target environment
• for Azure, verify that the sign-in account used during the wizard can grant the required access to the subscription