PIM: ENTM Password not sync with AD
search cancel

PIM: ENTM Password not sync with AD


Article ID: 103078


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


I cannot login to my Enterprise Management application server.  I am able to see the page when it loads, but I cannot authenticate against it and I receive a failed reason on the login UI page.


Privileged Identity Manager 12.8, 12.9https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-identity-manager/12-9-01/implementing/using-the-ca-identity-manager-management-console/open-the-ca-identity-manager-management-console.html


If you are experiencing issues authenticating against your domain controller, please make sure that everything in the native environments are in tact and configured correctly, otherwise the application server that is referencing these objects will obviously not work.

Make sure the domain controller has not changed the naming scheme or the IP address of what it originally was.  Perhaps the system administrators had done some maintenance or had some scheduled change controls in place.  Also, be sure the account in which you are logging into the Enterprise Management with exists in Active Directory or the configured LDAP repository for that matter.  Ensure the account is unlocked, that the account's password did not expire, and so on.  Also, make sure certificates are setup correctly.

Also, check the ac-dir.xml file which can be exported from the CA Identity Minder Management Console:

Encrypt the new password from clear text to AES cypher text 

# ./pwdtools.sh -FIPS -p "newPassword" -key /opt/jboss-4.2.3.GA/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config /keys/FIPSkey.dat 

In the "ac-dir.xml" file put the new password (and new user) 
<Credentials user="CN= ... >{AES}: ... ==</Credentials>

Amend the line in the "ac-dir.xml" file so that it is exactly like this: 
<Container objectclass="top,organizationalUnit" attribute="ou" value=""/>

Save the modified "ac-dir.xml" file and return to your 

CA Identity Minder Management Console 
Home : Directories : ac-dir 

Scroll down the page and click the "Update..." button
Select and load the "ac-dir.xml" file
You should now be able to logon to ENTM with the new user / password.

Additional Information

Password Change Procedures: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-identity-manager/12-9-01/implementing/how-ca-controlminder-service-accounts-interact-with-ca-privileged-identity-manager-components/password-change-procedures.html#concept.dita_654bd6f61f2eb65e2c1146b129ae37c6fb952a35_EncryptaClearTextPassword