search cancel

Minimum configuration require before adding a new node into a PAM cluster


Article ID: 237787


Updated On:


CA Privileged Access Manager - Server Control (PAMSC)


Please define the minimum amount of configuration needed before adding a new appliance into a PAM cluster.


Release : 3.4.x ,  4.0.x

Component : Cluster 


Described below is a list of the configuration items that are not sent or updated when an appliance is added to a cluster. If you are adding a new node your should consider all these prior to adding to the cluster to avoid needing to recycle the node or eject it from the cluster.


Required - All network and DNS settings should be set

Required - Add and confirm all licensing is set and matches the license defined in the existing cluster


Required - Ensure NTP is configured and working, (look for the condition sys.peer)

Required - Add and confirm the cluster certificate is set. (Depending on your exact configuration you may need to update all nodes in the cluster with a certificate that includes this new node in the SANS configuration)

Required - Upload any custom Branding Logo


Required - If using SAML for authentication Ensure at least the "Fully Qualified Hostname" and the "Certificate Key Pair" are set


Required - If you are using a sybase target account you will need to manually upload the sysbase jar file to the node which should be done prior to using



Recommended - While you can change the config user password after the node is added to the cluster it is suggested you ensure it is changed before adding to the cluster. Note after adding a new appliance to the cluster the super password is overwritten by the cluster, the config user password is not updated when adding to the cluster.

https://<NODE IP>/config    ( )