PAM : Password rotation (schedule job) intermittently fails
search cancel

PAM : Password rotation (schedule job) intermittently fails

book

Article ID: 190722

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Password rotation schedule job intermittently fails when trying to rotate many users (500+) in Active Directory.

Environment

PAM 3.3.2 and above

Cause

Reasons why this happens:

  • Active Directory replication is not happening fast enough or there is a maximum connections limitation on Active Directory.
  • We are integrating into a Load Balancer or a LDAP Farm which is worldwide.  One request to change password when to one region and the verification of the new password went to another.

If you limit the scheduled job to only 50 accounts, we work successfully or if you can the password manually we would work as well.

Resolution

Please go to the following location:

https://support.broadcom.com/external/content/release-announcements/CA-Privileged-Access-Manager-Solutions--Patches/5929

and download and apply PAM_DISABLE_MULTI_THREAD.p.zip.

Note:  This patch will need to be installed after every upgrade!

Additional Information

With the patch, multi thread feature in password rotation schedule job is disabled and we will use only 1 thread to change passwords.

Powered by Wolken Software