CA PAM is not able to communicate with RSA after the RSA server has been upgraded to version 8.4 patch 08


Article ID: 142513


Updated On:


CA Privileged Access Manager (PAM)


After a recent upgrade of the All of a sudden PAM version 3.3.1 is not able to use RSA authentication anymore.

Any attempt at loging in with an RSA or RSA+LDAP user results in a message about "Bad UserID or password" and the users cannot log in

This behaviour started happening all of a sudden and it likely began when the RSA server was upgraded. 

After several checks it is determined that agents are enabled and that ports 5500 5550 are open. There are no inconsistencies in name resolution and sdconf.rec as well as sdopts.rec have been reloaded and node secret cleared to no avail.


It is likely that, if CA PAM is version 3.3.X, which uses ACE/Agent Version, and the RSA server has been updated to version 8.4.0 patch 08, the issue described in

is occurring. This has been acknowledged by RSA to be a problem in this patch level due to an Oracle Java JDK update included in that patch.


CA PAM 3.3.X with RSA server 8.4 patch 8


This is not a PAM issue, so either upgrade to a later version of RSA or follow the workaround described in

Please refer to this external reference or to RSA Knowledge resources for further information

Additional Information

See case 20157385