search cancel

PAM : Password rotation (schedule job) intermittently fails

book

Article ID: 190722

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Password rotation schedule job intermittently fails when trying to rotate many users (200+) in Active Directory.

Environment

PAM 3.3.2 and above

Cause

Active Directory replication is not happening fast enough or there is a maximum connections limitation on Active Directory.

If you limit the scheduled job to only 50 accounts, we work successfully.

Resolution

Please go to the following location:

https://support.broadcom.com/external/content/release-announcements/CA-Privileged-Access-Manager-Solutions--Patches/5929

and download and apply PAM_DISABLE_MULTI_THREAD.p.zip.

Additional Information

With the patch, multi thread feature in password rotation schedule job is disabled and we will use only 1 thread to change passwords.