PAM UI no longer accessible

book

Article ID: 140366

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM is a closed black box appliance with no public SSH option available to it.  What options are there if a PAM Admin cannot login to the UI?

 

Environment

Release: PAM 3.2.x, 3.3.x, 3.4.x

 

Component:

Resolution

When PAM is not accessible via the standard UI, please try these options (in order):

  • Log into the PAM Configuration URL (https://<appliance name>/config/) with config user.
  • If this URL didn't load then:
  • Log into the PAM Legacy URL (https://<appliance name>/config/?legacy=1) with config user.
  • If this is not available either;
  • Please recover via a Snapshot or a Backup.
  • If none of the above are available, CA Support can potentially SSH to the server.
  • Please open a support to to have an PAM Support Engineer attempt to SSH into PAM Appliance.
  • Note:  Before we can SSH to the appliance the "PAM_SUPPORT_SSH_DEBUG" patch needs to be applied and in the  PAM UI >> Configuration >> Diagnostics >> System >> Remote CA PAM Debugging Services needs to be set to "On".

Additional Information

Please also see the following knowledge document that covers login failures due to clustering:

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=115729