search cancel

PAM : "Can't decide access type" error when trying to access target device

book

Article ID: 145471

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When trying to open an session to a device from PAM, it does not work with the following error : "Can't decide access type."




Environment

Product: Privileged Access Manager
Version: 3.3.0, 3.4.x or later

Cause

Corruption in PAM database.
One customer reported the issue after PAM version upgrade.
Other customer reported the issue after PAM's hardware ID change (If Mac address is changed, PAM's hardware ID is also changed.)

Resolution

Database repair patch available for 3.3.0 and 3.3.1

PAM 3.3.0 --> hotfix CAPAM_3.3.0.16.p.zip
PAM 3.3.1 --> hotfix CAPAM_3.3.1.09.p.zip

Note. The patch will just repair PAM database corruption.

You can find the mentioned fixes in CA Privileged Access Manager Solutions & Patches

Review also the patches documentation at:


For 3.3.2 and later, please refer to another article 189378 to repair database corruption.
https://knowledge.broadcom.com/external/article?articleId=189378

Steps:

- Secondary node in the Primary Cluster was giving the error message "Can't decide access type" 
- Turned OFF the cluster making sure that users are able to login to the primary node of the cluster.
- We took the DB back and configuration backup of the the second node in the cluster, this was a precautionary step.
- The Database was reset, making sure that the devices, users, target users, and policies are all cleared from the secondary node
- Added the secondary node back into the cluster
- Once the cluster was reconfigured, the problem of "Can't decide access type" stopped
- We did connect to some of the Linux devices and the autologin was also successful.

 

Additional Information

Unfortunately, the issue (corruption) might happen in another day.
If it happens, please repair database again.

Attachments