PAM-CM-6001 User accounts disabled due to inactivity - deactivated user
Article ID: 224051
Updated On:
Products
Issue/Introduction
PAM was recently upgraded to 3.4.5 and now the user accounts are being disabled due to inactivity. Can this feature be disabled or configured? Both Disable Inactive After and Remove Disabled After are set to 0 days.
| PAM-CM-6001: 36 inactive user(s) have been auto deactivated for exceeding maximum allowable inactivity period of 0 day(s). |
| PAM-CM-6012: Started the user deactivation task. |
Environment
Privileged Access Manager 3.4.5
Cause
This is caused by a bug introduced in the patch to 3.4.5
Resolution
This problem is fixed in 3.4.6, 4.0.1, and 4.1.0, upgrade to one of these versions to resolve the issue.
If an upgrade is not possible at this time, workaround the issue by setting the # of days higher than 0 (the max is 730). This will not stop the timeouts for inactive users but will give some control until a patch can be provided
To re-enable the deactivated users, go to Users > Manage Users, set the filter to "Account Enabled" and "False", then select the users and click ENABLE.
Additional Information
The fix is NOT included in the PAM_USERS_DEACT_2022 Hotfix, which was published in January 2022 to resolve a different problem causing false user deactivations. For 3.4.5, use the resolution in this KB even if PAM_USERS_DEACT_2022 has been applied.
Feedback
