Unable to log in to target devices with target accounts; accounts verified outside of PAM.
After adding a target account to connect to devices, an error is returned when attempting to use the account. The error says "Unable to process your login request. The password may have expired, of the account may be disabled or locked. Contact your system administrator for assistance."
Catalina.out returns:
SEVERE: Call to Gatekeeper service controller failed: PAM-CMN-0259: User not found.
May 07, 2021 12:39:24 PM com.ca.pam.rest.UserService getUserSelf
SEVERE: Call to Gatekeeper service controller failed: PAM-CMN-0259: User not found.
Release: 3.4.0.424
Component: PAM
Is this part of a cluster? Yes, this is a cluster.
Did this issue recently start to occur? This issue is new; however, these are the first target accounts we have added to this domain. The target accounts under our other domain work after being added.
If so, when were you last able to add a target account to connect to devices and have it work? Accounts were added this week and they work on the other domain.
Does this happen for all new target accounts or only target accounts of a specific Account Type (A2A or privileged)? It’s only privileged accounts we are using.
What is the Application type and does it work for other application types? The application type is Active Directory.
You were able to verify this works outside of PAM through RDP and verified the passwords so the above questions are important to answer in order to isolate the issue.
Are you seeing any other PAM-CMN errors in the UI when trying to use the Account? No
In this case, the issue was with the domain name configured on the target application. Once it was corrected, we were able to resolve the issue and connect via RDP.