search cancel

CA PAM is unable to rotate password on few Oracle DB Target accounts


Article ID: 238765


Updated On:


CA Privileged Access Manager (PAM)


PAM Admin is unable to rotate password on few Oracle DB Target accounts, via Schedule job or manually.

The UI throws the following error "PAM-CM-1761: Failed to synchronize/verify account. See logs for details" this error.



In our Tomcat logs, the following errors were happening:

ORA-28003: password verification for the specified password failed
ORA-20003: Password should contain at least one digit, one character and one punctuation


Release : 4.0.x




These errors means on your Oracle Server - you have a profile set that requires complex passwords and the PAM Password Composition Policy doesn't match.

In Oracle you need to determine the profiles associated with 

select username,profile from dba_users where username = 'Userid';

this will return the user's profile that has some password composition policy associated with it:

select * from dba_profiles where profile = 'profile name that came from the above command';

Than in PAM on the server you must match the composition policy:

PAM UI >> Credentials >> Managed Targets >> Password Composition Policies

Here you need to create/update a password policy and assign it to your Oracle Application in PAM:

PAM UI >> Credentials >> Managed Targets >> Applications >> Oracle App and here you must add that to it.