We applied the 4.0.0 upgrade patch to several cluster nodes, but it was not successful on any of them. For all but one the UI did not come back and we had to recover snapshots. For one node the UI did allow us to log on again. The PAM version at the bottom was shown as 4.0.0, but the dashboard showed error message
"PAM-CMN-1264: Upgrade failed. Please review the audit log and then perform a system recovery."
And the Configuration > Upgrade page did not list the 4.0.0 upgrade patch as applied.
The database had some historic entries for devices with an OS type that was not in the list of available OS types. At one point in old releases it was possible to publish a custom OS type such as "IBM AS 400" with API calls, but this is no longer possible. 4.0.0 adds a new constraint forcing any OS type to be present in the table holding available values, and this failed over the old conflicting data.
Release : 4.0, upgrading from any supported lower release
Component : PRIVILEGED ACCESS MANAGEMENT
This should only affect PAM implementations with a long history of upgrades, and a long history of API usage, and even then may not be a concern.
It present, the problem can be fixed by PAM Support with a DB query to correct host entries that have a custom OS type configured, prior to upgrading to 4.0.0.
It is expected to be fixed in future upgrade patches, starting with 4.0.2. Upgrades from 4.0.X to the next release will not be affected, because the constraint will have been added already.