PAM : Password rotation (schedule job) intermittently fails
search cancel

PAM : Password rotation (schedule job) intermittently fails


Article ID: 190722


Updated On:


CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager - Server Control (PAMSC)


Password rotation schedule job intermittently fails when trying to rotate many users (500+) in Active Directory.


PAM 3.3.2 and above


Reasons why this happens:

  • Active Directory replication is not happening fast enough or there is a maximum connections limitation on Active Directory.
  • We are integrating into a Load Balancer or a LDAP Farm which is worldwide.  One request to change password when to one region and the verification of the new password went to another.

If you limit the scheduled job to only 50 accounts, we work successfully or if you can the password manually we would work as well.


Please go to the following location:

and download and apply

Note:  This patch will need to be installed after every upgrade!

Additional Information

With the patch, multi thread feature in password rotation schedule job is disabled and we will use only 1 thread to change passwords.