PAM-CM-3432: Cannot connect to a domain controller on the specified domain

book

Article ID: 194603

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

While creating a new target account following error is returned and unable to create target account.

PAM-CM-3432: Cannot connect to a domain controller on the specified domain

[Use case]

'User1' account to be created as Target Account.

Existing 'pamadmin' target account to be used for updating above account password.

Environment

Release : 3.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

When creating a new target account and assigning another account to update password, you need to ensure the following.

 

'User1'

account password is correct

account is not deactivated in AD

 

 

'pamadmin'

account is verified (please double confirm and see if verification is successful)

account has "Account can change own password" set

 

You cannot configure multiple level of chain to update account password.

User1 pamadmin breakglass administrator

You can only configure 1 level.

User1 (Use the following account to change password) pamadmin (Account can change own password)

 

And if the associated account for password update does not have the password valid password set then creation of the new target account will fail.

 

Attachments