search cancel

Unable to process your login request. The password may have expired, of the account may be disabled or locked. Contact your system administrator for assistance."

book

Article ID: 214605

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Unable to login to target devices with target accounts, accounts verified outside of PAM.

After adding target account to connect to devices, an error is returned when attempting to use the account. The errors says "Unable to process your login request. The password may have expired, of the account may be disabled or locked. Contact your system administrator for assistance."

Cause

Catalina.out returns:

SEVERE: Call to Gatekeeper service controller failed: PAM-CMN-0259: User not found.
May 07, 2021 12:39:24 PM com.ca.pam.rest.UserService getUserSelf
SEVERE: Call to Gatekeeper service controller failed: PAM-CMN-0259: User not found.

Environment

Release : 3.4.0.424

Component : PAM

Is this part of a cluster?  Yes this is a cluster

This issue recently started to occur?  This issue is new, however these are the first target accounts we have added to this domain. The target accounts under our other domain work after being added.

If so, when were you last able to add a target account to connect to devices and they work? Accounts were added this week and they work on the other domain.

Does this happen for all new target accounts or only target accounts of a specific Account Type (A2A or privileged?)?  It’s only privileged accounts we are using.

What is the Application type and does it work for other application types?  The application type is Active Directory

You were able to verify this works outside of PAM through RDP and verified the passwords so the above questions are important to answer in order to isolate the issue.

Are you seeing any other PAM-CMN errors in the UI when trying to use the Account?  No

 

Resolution

In this case the issue was with the domain name configured on the target application. Once correct we were able to resolve the issue and connect via RDP.