When PAM LDAP integration is configured with multiple domain controllers (DCs) and SSL communication (LDAPS, port 636), the LDAP refresh intermittently fails with the error shown below. With the same DCs configured for non-SSL (plain LDAP) communication, the refresh works consistently.
Privileged Access Manager 3.x
The inconsistent behavior is caused by one or more DCs in the environment not being properly configured for SSL communication; typically the DC has no valid server-authentication certificate for LDAPS, so it accepts the TCP connection on port 636 and then drops it during the TLS handshake. Refreshes that happen to use a correctly configured DC succeed, which is why the failure is intermittent rather than constant. To confirm which DC is failing, go to Configuration > Diagnostics > Diagnostic Logs, click the Download tab, and click View Recent Log Entries next to Tomcat Logs. Look for the following error; the "Caused by" line at the end of the stack trace names the IP address and port of the DC that reset the connection.
Nov 10, 2020 4:57:59 PM com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager loginToActiveDirectoryServer
SEVERE: Failed authentication to Active Directory using account 'PAMLDAPADMIN'
com.cloakware.cspm.server.app.ApplicationException: Connection reset
at com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.convertToApplicationException(WindowsDomainServiceTargetManager.java:1411)
at com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.createLDAPContext(WindowsDomainServiceTargetManager.java:1304)
at com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.loginToActiveDirectoryServer(WindowsDomainServiceTargetManager.java:1121)
at com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.verifyPasswordInActiveDirectory(WindowsDomainServiceTargetManager.java:732)
at com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.verifyCredentials(WindowsDomainServiceTargetManager.java:695)
at com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.performUpdate(WindowsDomainServiceTargetManager.java:1831)
at com.cloakware.cspm.server.app.TargetManager.run(TargetManager.java:668)
Caused by: javax.naming.CommunicationException: 10.1.1.1:636 [Root exception is javax.net.ssl.SSLException: Connection reset]
As a workaround, remove the affected domain controller from the PAM LDAP configuration so PAM no longer communicates with it. Once that DC has been properly configured for SSL communication (it completes a TLS handshake on port 636 and presents a server certificate that chains to a CA trusted by PAM), add it back. Do not work around the problem by switching the integration to non-SSL communication: a plain LDAP simple bind sends the PAMLDAPADMIN credential and all directory queries in cleartext.
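The following script, added here as a worked example and not part of the KB article or the PAM product, automates the two checks above: it extracts the DC address from the "Caused by" line of the Tomcat log, and it attempts a TLS handshake against each DC it finds so you can confirm the DC is fixed before adding it back to the PAM configuration. The log text embedded in the script is constructed from the entry shown in this article plus a second, hypothetical DC at 10.1.1.2; the probe runs from wherever you execute the script, so its trust store is that machine's, not PAM's.

```python
import re
import socket
import ssl

# Constructed sample of Tomcat log entries (modelled on the entry in this article;
# the second DC, 10.1.1.2, is hypothetical). The DC address appears only in the
# "Caused by" line, so that is the line the parser keys on.
SAMPLE_LOG = """\
Nov 10, 2020 4:57:59 PM com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager loginToActiveDirectoryServer
SEVERE: Failed authentication to Active Directory using account 'PAMLDAPADMIN'
com.cloakware.cspm.server.app.ApplicationException: Connection reset
\tat com.cloakware.cspm.server.app.TargetManager.run(TargetManager.java:668)
Caused by: javax.naming.CommunicationException: 10.1.1.1:636 [Root exception is javax.net.ssl.SSLException: Connection reset]
Nov 10, 2020 5:12:03 PM com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager loginToActiveDirectoryServer
SEVERE: Failed authentication to Active Directory using account 'PAMLDAPADMIN'
Caused by: javax.naming.CommunicationException: 10.1.1.2:636 [Root exception is javax.net.ssl.SSLException: Connection reset]
"""

# Matches "javax.naming.CommunicationException: <host>:<port> [Root exception is <reason>]"
FAILED_DC_RE = re.compile(
    r"javax\.naming\.CommunicationException: (?P<host>[^\s:\[]+):(?P<port>\d+) "
    r"\[Root exception is (?P<reason>[^\]]+)\]"
)


def failing_dcs(log_text):
    """Return {(host, port): failure_count} for every DC named in a CommunicationException."""
    counts = {}
    for m in FAILED_DC_RE.finditer(log_text):
        key = (m.group("host"), int(m.group("port")))
        counts[key] = counts.get(key, 0) + 1
    return counts


def probe_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Open a TCP connection and attempt a TLS handshake, as an LDAPS client would.

    Returns (ok, detail). A reset during the handshake means the DC itself is not
    serving LDAPS (the symptom in this article); a certificate verification error
    means the DC answers but its certificate is not trusted from this machine, which
    is a trust-store problem to fix on the client (here: PAM) rather than on the DC.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname/IP SAN
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert().get("subject", ()))
                return True, "%s, certificate CN=%s" % (tls.version(), subject.get("commonName", "?"))
    except ssl.SSLCertVerificationError as e:
        return False, "certificate not trusted from this host: %s" % e.verify_message
    except (ConnectionResetError, ssl.SSLError) as e:
        return False, "TLS handshake failed (DC not serving LDAPS?): %s" % e
    except OSError as e:  # refused, timed out, unreachable
        return False, "connection failed: %s" % e


if __name__ == "__main__":
    # Replace SAMPLE_LOG with the text pasted from View Recent Log Entries.
    for (host, port), n in sorted(failing_dcs(SAMPLE_LOG).items()):
        ok, detail = probe_ldaps(host, port)
        print("%s:%d  %d failure(s) in log  probe: %s  %s"
              % (host, port, n, "OK" if ok else "FAIL", detail))
```

Run the probe from a host whose CA trust matches what is loaded in PAM; a DC that reports OK here but still fails from PAM points at the certificate chain PAM trusts rather than at the DC's LDAPS configuration.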