CA PAM appliance has steady high CPU usage
search cancel

CA PAM appliance has steady high CPU usage


Article ID: 138549


Updated On:


CA Privileged Access Manager (PAM)


We have observed steady increase in CPU usage on PAM servers in our primary cluster site. Initially we saw 20-30% CPU usage and thought this is normal. But recently the percentage has gone to about 60%. It may be higher when there is a lot of user activity, but it never goes down below 60% now, even when there is very low user activity, and users start reporting performance problems with PAM. Our PAM server is configured with 8 CPUs.


PAM 3.2.x and 3.3.0 servers with Windows Remote target connector configured to manage passwords on Windows servers.


There is a potential problem on the PAM server when the Windows Remote target connector runs into problems while communicating with a target device to verify or update account passwords. In rare cases this can leave behind a looping process that takes up all available time on one CPU. Even a cluster restart will not terminate these hung processes. With time there may be multiple of these processes running. E.g. 5 looping processes on a PAM server with 8 CPUs will results in a steady CPU usage of 60+ percent. If scheduled jobs are used to rotate passwords of Windows accounts on a regular basis, a single target account using the Windows Remote connector could be responsible for all looping processes.


A PAM server reboot will resolve the problem.

If this is a production node and you cannot restart the server any time soon, you can engage PAM support to kill the problem processes during a WebEx session with SSH access to the PAM server. This requires an SSH debug patch to be applied, a PAM admin has to enable SSH access, and firewall rules need to allow SSH access to PAM from a laptop/desktop that can run a PuTTY SSH client.

Additional Information

The defect is resolved with 3.3.1 PAM.