PAM-CMN-5198 and PAM-CMN-5106 errors trying to join cluster
Article ID: 248953

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Due to a DNS problem, we recently added host file entries to our PAM cluster using the Configuration > Network > Host File Entry page to allow communication between the nodes to work without relying on DNS. This was working well. But when we had to remove a node temporarily from the cluster and then tried to have it join the cluster again, we got the error:

PAM-CMN-5198: Failed to join the cluster. PAM-CMN-5106: Failed to update member xxx, it isn't alive PAM-CMN-5106: ...

The members shown in the PAM-CMN-5106 messages are alive and active in the cluster, and there is no firewall blocking communication. The Host File Entry page on the node we are trying to get back into the cluster does show all the entries we had added for the cluster, but they don't appear to be in use.

Environment

Release : 4.0.1

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

When a node leaves the cluster, PAM restores a backup of the /etc/hosts file that was saved before the node became an active cluster member. In this case, the entries had been added on another node while the cluster was on. Because these are global settings, they were replicated to all cluster nodes. When the node left, the old hosts file without the added entries was restored, but the PAM database still contained them. The UI displays information read from the database, so the Host File Entry page still listed entries that were no longer in /etc/hosts.

Resolution

This problem should be fixed in 4.0.3+ and 4.1.0+.

As a workaround, make a minor change to one of the host file entries shown in the UI, e.g. in a description field. Once you save the change, the entries should be copied to the /etc/hosts file and the PAM-CMN-5106 errors should be resolved.