Troubleshooting

How Do We Get the Logs?

Logs can be obtained from multiple layers:

• Credentials Cache logs

  • Stored locally on the server or Distributed Engine where the Delinea Credentials Cache is installed
  • Include cache operations, secret fetch events, and errors

• Distributed Engine logs

  • Capture PowerShell script execution and pipeline-trigger activity

• Event Pipeline logs

  • Show trigger execution status and failures

• Secret Server / Delinea Platform logs

  • Record secret access, API calls, and authentication events

What Happens if One Credentials Cache Instance is Unavailable?

If a Credentials Cache instance becomes unavailable:

• Other Credentials Cache instances continue to operate normally
• There is no impact on the overall system or secret availability

When the unavailable instance comes back online, it retrieves secrets during the next update trigger or through an on-demand refresh.

Recommendations / Best Practices:

• Always deploy at least two Credentials Cache instances to avoid single-instance unavailability
• Use Event Pipelines to trigger secret updates consistently
• Ensure each Credentials Cache instance independently retrieves and caches secrets from Secret Server or the Delinea Platform to achieve high availability

Common Issues

If your cache is not updating after a password change, verify the following:

• Your Distributed Engine is running and accessible.
• Your Credentials Cache service is reachable from the Distributed Engine.
• You have properly associated the Event Pipeline with the secrets.
• The /api/secretchanged endpoint is returning successful responses.