When synchronizing an account with the option "Update both the Credential Manager Server and the target system", PAM throws the error "PAM-CM-3432: Cannot connect to a domain controller on the specified domain".
Release : 3.3
Component : PRIVILEGED ACCESS MANAGEMENT
Set Debugging:
PAM UI >> Configuration >> Diagnostics >> Diagnostic Logs >> Log Levels >> Set "Tomcat Log Level" to Config >> Click Submit.
Reproduce the problem. In the PAM UI >> Configuration >> Diagnostics >> Diagnostic Logs >> Download >> Recent Log Entries, we saw the following error:
Aug 26, 2019 3:40:34 PM com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager loginToActiveDirectoryServer
INFO: Failed authentication to Active Directory using account '<ldapuser>'
com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager$LDAPSSLException: java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xxx.xxx.xxx found
The AD certificate doesn't have the IP address in its Subject Alternative Name, so certificate validation fails when PAM connects to the domain controller by IP address.
We therefore integrated with their LDAP server over LDAPS using its hostname, which the certificate was generated for.
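
The check that failed in the log above, as an added example (not code from PAM or from this article): it tests a configured target address against a certificate's Subject Alternative Name entries, treating an IP literal and a host name differently. The SAN data is in the shape Python's ssl.SSLSocket.getpeercert() returns; the host names and IP address are constructed placeholders, and the wildcard rule is a simplified assumption.

```python
import ipaddress

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
# Names are placeholders (assumptions), not values from the article.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "corp.example")),
}


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # simplified wildcard rule (assumption)
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_target(cert, target):
    """Return (ok, reason) for the address a client is configured to connect to."""
    sans = cert.get("subjectAltName", ())
    addr = _as_ip(target)
    if addr is not None:
        # IP literal: only iPAddress SAN entries count; DNS entries are ignored.
        if any(_as_ip(v) == addr for k, v in sans if k == "IP Address"):
            return True, "IP address is listed in the SAN"
        return False, f"no SAN entry matches IP address {target}"
    if any(_dns_match(v, target) for k, v in sans if k == "DNS"):
        return True, "host name is listed in the SAN"
    return False, f"no SAN DNS entry matches {target}"


if __name__ == "__main__":
    for target in ("192.0.2.10", "dc01.corp.example"):
        print(target, "->", check_target(SAMPLE_CERT, target))
```

Run against the SAN list of the domain controller's certificate, this shows before changing the PAM configuration whether the address you plan to enter will pass validation.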