ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

PAM-CM-6001 User accounts disabled due to inactivity - deactivated user

book

Article ID: 224051

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Hi,

We recently upgraded our new PAM server to 3.4.5 and now the user accounts are being disabled due to inactivity. How do I disable this feature? Both Disable Inactive After and Remove Disabled After are set to 0 days. 

 

PAM-CM-6001: 36 inactive user(s) have been auto deactivated for exceeding maximum allowable inactivity period of 0 day(s).
PAM-CM-6012: Started the user deactivation task.

Cause

This is caused by a bug introduced in the patch to 3.4.5

Environment

Release : 3.4

Component :

Resolution

To workaround the issue simply set the # of days higher than 0 (max is 730). This will not stop the timeouts for inactive users but will give some control until a patch can be provided

To re-enable bulk users you can select all and enable through the gui

Additional Information

This problem is fixed in 3.4.6 and 4.0.1, but the fix is NOT included in the PAM_USERS_DEACT_2022 Hotfix, which was published in January 2022 to resolve a different problem causing false user deactivations. For 3.4.5 you need to use the resolution discussed above, even with PAM_USERS_DEACT_2022 applied.

Attachments