ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Pam API calls not working after upgrade from 3.4.0 to 4.0.2

book

Article ID: 241692

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

All API calls made through code or PAM UI are returning the same error as below. We have two sites with two clustered Servers in each side. The cluster is up and running. Started after upgrade from 3.4.0 to 4.02 this morning. 

PAM-CMN-2275: Unable to retrieve Password Authority password for  username apiuser-43001 external API user for CN=apiuser,OU=ou1,OU=ou2,OU=ou3,OU=ou4,OU=Accounts,DC=valenet,DC=companyname,DC=net.  Error: PAM-CM-0574: Missing required parameter: referenceCode.

PAM-CMN-1675: User CN=apiuser,OU=ou1,OU=ou2,OU=ou3,OU=ou4,OU=Accounts,DC=valenet,DC=companyname,DC=net using API key 01531126 can't perform GET operations while cluster is stopped. /api.php/v1/logs.json?sortBy=-dateTime&searchRelationship=AND&fields=logId,dateTime,date,userName,details,transaction,targetAccount&relativeDateInterval=2&relativeDateIntervalUnit=day&details=PAM-CMN-2372&transaction=admin&limit=0&referenceCode=Log_view was not executed.

Cause

It doesn't make sense for an automation api user to have the "Reason Required for Auto Connect" limitation in their PVP Policy.

Environment

Release : 4.0

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Disable the option  "Reason Required for Auto Connect" in PVP Policy associated to the Api Target Account resolved the issue.