Unable to create PAM Account

Article ID: 234674


Products

CA Identity Suite CA Identity Manager

Issue/Introduction

When integrating CA Identity Manager with CA PAM (Privileged Access Manager), assigning the base role that provisions both a PAM user account and an Application AD account creates the AD account but not the PAM account.

 

The user's target account is created in Active Directory, but the user's account in PAM is not. Synchronizing the user with the role from Provisioning Manager returns the following error:

 

:ETA_E_0016<AAC>, Account for Global User 'x922' on Endpoint 'CA PAM' creation failed: :ETA_E_0004<AAC>, Account 'DS' on 'CA PAM' creation failed: Connector Server Add failed: code 53 (UNWILLING_TO_PERFORM): failed to add entry eTDYNDirectoryName=CA PAM,eTNamespaceName=CA Privileged Access Manager,dc=im,dc=etasa: JCS@IAMUAT002: PAM: peer not authenticated (ldaps://#####:20411).

 

 

Environment

Release : 14.x

Component : IDENTITY MANAGER

Resolution

The "peer not authenticated (ldaps://...:20411)" part of the message comes from the Java Connector Server (JCS): the TLS handshake to the PAM LDAPS port fails because the JCS JVM cannot verify the certificate chain that PAM presents. Typically the PAM server certificate (or the CA that issued it) is not in the JCS truststore, or the certificate does not match the host name configured on the endpoint. Import the PAM certificate chain into the JCS truststore, restart the JCS so the JVM reloads it, and then re-synchronize the user. The certificate prerequisites for the connector are listed in the product documentation:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-management-and-governance-connectors/1-0/connectors/ca-connectors/ca-privileged-access-manager/security-requirements-for-ca-pam-connector.html
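The following script is an added example, not code from this article or from Broadcom. It reproduces the check the JCS JVM performs: it captures the certificate chain that PAM presents on the LDAPS port, shows each certificate's subject, issuer and SAN (to catch host-name mismatches), verifies the leaf against the CA certificates currently in the JCS truststore, and, if that fails, imports the top of the PAM chain into the truststore. PAM_HOST, JCS_TRUSTSTORE, JCS_STOREPASS and the alias are placeholders assumed for illustration and must be set for your installation; the port 20411 is the one named in the error.

```shell
#!/bin/sh
# Added example (not from the KB article or Broadcom): diagnose the
# "peer not authenticated (ldaps://host:20411)" failure between the Java
# Connector Server (JCS) and CA PAM, and trust the PAM chain in the JCS truststore.
# PAM_HOST, JCS_TRUSTSTORE, JCS_STOREPASS and CA_ALIAS are placeholders
# (assumptions, not values from the article); override them in the environment.

PAM_HOST="${PAM_HOST:-pam.example.com}"                          # placeholder
PAM_PORT="${PAM_PORT:-20411}"                                     # LDAPS port from the error text
JCS_TRUSTSTORE="${JCS_TRUSTSTORE:-/path/to/jcs/truststore.jks}"   # placeholder path
JCS_STOREPASS="${JCS_STOREPASS:-changeit}"                        # placeholder password
CA_ALIAS="${CA_ALIAS:-capam-ca}"                                  # placeholder alias

# Split "openssl s_client -showcerts" output (stdin) into cert1.pem, cert2.pem, ...
# under directory $1 (leaf first, as sent by the server) and print the count.
split_pem_chain() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
    n > 0 && out != ""           { print > out }
    /-----END CERTIFICATE-----/  { close(out); out = "" }
    END                          { print n + 0 }'
}

# Capture the chain PAM presents on its LDAPS port; this is what the JCS JVM sees.
fetch_pam_chain() {
  openssl s_client -connect "$PAM_HOST:$PAM_PORT" -servername "$PAM_HOST" -showcerts \
    </dev/null 2>/dev/null | split_pem_chain "$1"
}

# Print subject/issuer/SAN of each captured certificate so an unexpected issuer
# or a host name not covered by the SAN is visible at a glance.
describe_chain() {
  for f in "$1"/cert*.pem; do
    echo "== $f"
    openssl x509 -in "$f" -noout -subject -issuer -ext subjectAltName 2>/dev/null \
      || openssl x509 -in "$f" -noout -subject -issuer
  done
}

# Exit 0 if the leaf validates against the CA certs currently in the JCS
# truststore (exported to PEM with keytool), i.e. if the JVM should accept it.
verify_against_jcs_truststore() {
  dir="$1"
  keytool -list -rfc -keystore "$JCS_TRUSTSTORE" -storepass "$JCS_STOREPASS" \
    >"$dir/truststore.pem" 2>/dev/null
  : >"$dir/intermediates.pem"
  for f in "$dir"/cert*.pem; do
    [ "$f" = "$dir/cert1.pem" ] || cat "$f" >>"$dir/intermediates.pem"
  done
  if [ -s "$dir/intermediates.pem" ]; then
    openssl verify -CAfile "$dir/truststore.pem" -untrusted "$dir/intermediates.pem" "$dir/cert1.pem"
  else
    openssl verify -CAfile "$dir/truststore.pem" "$dir/cert1.pem"
  fi
}

# Add the certificate in $1 (normally the top of the PAM chain, i.e. the issuing
# or root CA; the leaf itself only if PAM uses a self-signed certificate) to the
# JCS truststore. Restart the JCS afterwards so the JVM reloads the truststore.
import_pam_ca() {
  keytool -importcert -noprompt -trustcacerts -alias "$CA_ALIAS" \
    -file "$1" -keystore "$JCS_TRUSTSTORE" -storepass "$JCS_STOREPASS"
}

# Usage on the JCS host: sh jcs_pam_tls_check.sh diagnose   (needs network + keytool)
if [ "${1:-}" = "diagnose" ]; then
  work=$(mktemp -d)
  n=$(fetch_pam_chain "$work")
  [ "$n" -gt 0 ] || { echo "no certificate received from $PAM_HOST:$PAM_PORT" >&2; exit 1; }
  describe_chain "$work"
  if verify_against_jcs_truststore "$work"; then
    echo "JCS truststore already trusts the PAM chain; check the SAN against the endpoint host name and the JCS log"
  else
    echo "chain not trusted by $JCS_TRUSTSTORE; importing $work/cert$n.pem as $CA_ALIAS"
    import_pam_ca "$work/cert$n.pem"
  fi
fi
```

The verification step exports the truststore with keytool and hands it to openssl verify, so the result matches what the JVM decides without restarting the JCS; if that step already succeeds, the remaining cause is usually a host-name/SAN mismatch, which describe_chain makes visible.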