Active Directory Connector Issue


Article ID: 136349


Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

When trying to synchronize an account with "Update both the Credential Manager Server and the target system" selected, PAM throws the error "PAM-CM-3432: Cannot connect to a domain controller on the specified domain".


Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

Set Debugging:


PAM UI >> Configuration >> Diagnostics >> Diagnostic Logs >> Log Levels >> Set "Tomcat Log Level" to Config >> Click Submit.


We then reproduced the problem. In the PAM UI >> Configuration >> Diagnostics >> Diagnostic Logs >> Download >> Recent Log Entries, we saw the following error:


Aug 26, 2019 3:40:34 PM com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager loginToActiveDirectoryServer

INFO: Failed authentication to Active Directory using account '<ldapuser>'

com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager$LDAPSSLException: java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xxx.xxx.xxx found


Resolution

The AD certificate doesn't have the IP address in the Subject Alternative Name.

We therefore integrated with their LDAP server using its hostname over LDAPS, which is the name their certificate was generated for.
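
The check that failed in the log can be reproduced offline before changing the target configuration. This is an added example, not code from the article or the product: it applies the usual SAN matching rules to a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The certificate contents, host names and the 192.0.2.10 address are constructed placeholders, and `san_covers` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Names and addresses are placeholders, not values from the article.
SAMPLE_DC_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.corp.example")),
}


def _dns_match(pattern, host):
    """Case-insensitive; '*' may only replace the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def _as_ip(text):
    """Parse an IPv4/IPv6 literal, or return None if it is a host name."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def san_covers(cert, target):
    """Return (ok, reason) for validating `target` against the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(target)
    if ip is not None:
        # An IP target is satisfied only by an iPAddress SAN entry,
        # never by a dNSName entry or the subject CN.
        if any(k == "IP Address" and _as_ip(v) == ip for k, v in sans):
            return True, f"iPAddress SAN matches {target}"
        return False, f"No subject alternative names matching IP address {target}"
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, target):
            return True, f"dNSName SAN '{value}' matches {target}"
    return False, f"No subject alternative DNS name matching {target}"


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the DC's IP.
    for name in ("192.0.2.10", "dc01.corp.example"):
        print(name, "->", san_covers(SAMPLE_DC_CERT, name))
```

To run it against a live domain controller, pass the dict from `getpeercert()` on a TLS connection that has verified the chain against the issuing CA.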