[PAM] PAM-UI-1428: Bootstrap node for the primary site is unavailable.

book

Article ID: 198081

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

[Use Case]

There is 1 Primary Site with 2 PAM nodes in Cluster.

There was a network interruption and PAM Servers were no longer accessible.

Rebooted both PAM nodes and able to login but following message appears.

 

When login as PAM Administrator.

And only a sub-set of MENU was visible.

 

When login as PAM Standard User.

Cause

This is due to PAM operating in a Quorum-Loss Mode.

In this use case there are only 2 nodes and losing 1 node will put PAM in Quorum-Loss Mode as Majority of the Cluster Members are not available for Data Replication.

If there were 3 nodes then losing 1 node would still allow PAM to operate normally but in a 2 node configuration it would result in Quorum-Loss Mode.

 

When 1 node was no longer accessible (Secondary Node was unplugged from Network) and Majority of Cluster Members were not online, PAM was not responding to PAM Client for login.

So both nodes were rebooted trying to see if that will recover PAM access but the network issue was yet to be resolved.

When both nodes were booting up and still unable to find the majority of the Cluster Members online, it continues to contact all members and this will go for 5 minutes max.

Once 5 minutes have passed, PAM nodes will give up by turning off the cluster and deactivating the database.

 

As a result, when you logon to PAM only a sub-set of MENU becomes visible.

 

Environment

Release : 3.x.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

1. Ensure the network issue has been completely resolved.

2. SSH to PAM nodes in Primary Site and restart DB

At this point all MENU should be visible when you logon to PAM

3. Restart Clustering.

The Clustering may appear as ON but the VIP would not be listening.

Requires a proper restart of Cluster to bring up the VIP.

 

Attachments