Password rotation schedule job intermittently fails when trying to rotate many users (500+) in Active Directory.
PAM 3.3.2 and above
Reasons why this happens:
If you limit the scheduled job to only 50 accounts, we work successfully or if you can the password manually we would work as well.
Please go to the following location:
https://support.broadcom.com/external/content/release-announcements/CA-Privileged-Access-Manager-Solutions--Patches/5929
and download and apply PAM_DISABLE_MULTI_THREAD.p.zip.
Note: This patch will need to be installed after every upgrade!
With the patch, multi thread feature in password rotation schedule job is disabled and we will use only 1 thread to change passwords.