Azure accounts for users do not open after 14.4 CP1 CHF2 upgrade



Article ID: 250756


Products

CA Identity Suite

Issue/Introduction

A customer hit a problem with Azure endpoint accounts after upgrading from 14.4 CP1 to 14.4 CP1 CHF2.

After the upgrade and patch installation the environment appears to work normally, but the Azure accounts for users do not open.

The Identity Manager server.log records errors of the following kind:

2022-08-26 11:24:15,370 ERROR [com.netegrity.crypto.PBESHA1RC2CBCPKCS12PBE5128Handler] (default task-103) org.bouncycastle.util.encoders.DecoderException: unable to decode base64 data: invalid characters encountered in base64 data
2022-08-26 11:24:15,618 ERROR [im.provisioning.account] (default task-103) Error while retrieving the account. This could be due to unavailable endpoint.Failed to load properties [dirSyncEnabled, emailAddress, phoneNumber, passwordPolicies, suspended, userType, servicePlan, postalCode, stateOrLocality, city, mailNickname, mobileNumber, lastName, preferredLanguage, jobTitle, fullName, usageLocation, externalId, proxyAddresses, memberOf, firstName, streetAddress, country, otherMails, faxNumber, department, assignedApplications, manager]: javax.naming.NamingException: [LDAP: error code 80 - :ETA_E_0020<RAC>, User Account 'xxxx.xxxx@xxxx' on 'Azure' read failed: Connector Server Add failed: code 80 (OTHER-NamingException): failed to add entry eTDYNDirectoryName=Azure,eTNamespaceName=Azure,dc=im,dc=etasa: java.lang.IllegalArgumentException: No enum constant com.ca.jcs.connectors.common.rest.request.page.PaginationType.CURSOR. (ldaps://xx.xxx.xx.xx:20411) ]; remaining name 'eTDYNAccountName=xxxx.xxxx@xxxx,eTDYNAccountContainerName=Accounts,eTDYNDirectoryName=Azure,eTNamespaceName=Azure,dc=im,dc=eta'
2022-08-26 11:24:15,656 ERROR [ims.ui] (default task-103) com.netegrity.llsdk6.imsapi.exception.ImsRuntimeException [facility=4 severity=3 reason=0 status=6 message=Unrecognized command]
Failed to fetch the account. This could be due to an unreachable endpoint.
        at com.ca.identitymanager.provisioning.managedobjectprovider.impl.AccountProviderImpl.getManagedObject(AccountProviderImpl.java:357)
        at com.ca.identitymanager.provisioning.managedobjectprovider.impl.AccountProviderImpl.getManagedObject(AccountProviderImpl.java:364)
        at com.netegrity.llsdk6.imsimpl.managedobject.ManagedObjectImpl._add(ManagedObjectImpl.java:389)
        at com.netegrity.llsdk6.imsimpl.BaseObject.addAttributes(BaseObject.java:2604)
        at com.netegrity.ims.task.TaskSessionImpl.addSubjectAttributeRights(TaskSessionImpl.java:1714)
        at com.netegrity.ims.task.TaskSessionImpl.createTabHandlers(TaskSessionImpl.java:1674)
        at com.netegrity.ims.task.TaskSessionImpl.setSubject(TaskSessionImpl.java:645)


Opening the Azure accounts from the Provisioning Manager produces the same error, as does opening the Azure endpoint itself from the Provisioning Manager.

Environment

Release : 14.4


Cause

The connector bundles on the vApp Connector Server and on the Windows Server Remote Connector Server are at different versions. The logged error "No enum constant com.ca.jcs.connectors.common.rest.request.page.PaginationType.CURSOR" is raised while the Azure endpoint entry is being added on the Connector Server, and it shows that the connector server handling the request is running a REST connector bundle that does not define the CURSOR pagination type the newer Azure REST connector expects. Compare the versions of the IAM Connector Server JCS bundles on the vApp Connector Server with those on the Windows Server Remote Connector Server.
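One way to make that version check repeatable, as an added example that is not part of this article or of the IAM Connector Server product: a Python script that reads the OSGi manifest out of every JAR in two bundle directories and reports bundles whose Bundle-Version differs, plus bundles present on only one side. It assumes the JCS bundles are JAR files carrying Bundle-SymbolicName and Bundle-Version manifest headers; the bundle directory paths and the bundle names in its built-in sample are placeholders, not real product paths or names.

```python
"""Report OSGi bundle version differences between two connector-server bundle
directories. Added example, not part of CA Identity Suite or the IAM Connector
Server. Assumed: JCS bundles are JAR files whose META-INF/MANIFEST.MF carries
Bundle-SymbolicName/Bundle-Version; paths and run_demo() names are placeholders."""
import sys
import tempfile
import zipfile
from pathlib import Path


def parse_manifest(text):
    """Parse the main section of a JAR manifest into a {header: value} dict.
    Values longer than 72 bytes continue on a line starting with one space."""
    headers, last = {}, None
    for raw in text.splitlines():
        if raw == "":
            break  # blank line ends the main section; per-entry sections follow
        if raw.startswith(" ") and last is not None:
            headers[last] += raw[1:]
            continue
        name, _, value = raw.partition(":")
        last = name.strip()
        headers[last] = value.strip()
    return headers


def bundle_identity(jar_path):
    """Return (symbolic name, version) for an OSGi bundle JAR, or None."""
    with zipfile.ZipFile(jar_path) as jar:
        if "META-INF/MANIFEST.MF" not in jar.namelist():
            return None
        h = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    name = h.get("Bundle-SymbolicName")
    if not name:
        return None
    # Directives such as ";singleton:=true" are not part of the name.
    return name.split(";", 1)[0].strip(), h.get("Bundle-Version", "0.0.0")


def inventory(bundle_dir):
    idents = (bundle_identity(j) for j in sorted(Path(bundle_dir).glob("*.jar")))
    return dict(i for i in idents if i)  # symbolic name -> version


def version_key(version):
    """OSGi version key: '14.4' equals '14.4.0'; '14.4.0.0' has qualifier '0'."""
    parts = version.split(".", 3)
    nums = [int(p) if p.isdigit() else 0 for p in parts[:3]]
    nums += [0] * (3 - len(nums))
    return (*nums, parts[3] if len(parts) > 3 else "")


def compare_bundles(dir_a, dir_b):
    """Return mismatched versions and bundles present on only one side."""
    a, b = inventory(dir_a), inventory(dir_b)
    return {
        "mismatch": {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys())
                     if version_key(a[n]) != version_key(b[n])},
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
    }


def make_jar(path, symbolic_name, version):
    """Write a minimal bundle JAR; the name header is split over a continuation
    line on purpose so the constructed sample exercises parse_manifest()."""
    manifest = ("Manifest-Version: 1.0\n"
                f"Bundle-SymbolicName: {symbolic_name};singleton:=\n true\n"
                f"Bundle-Version: {version}\n\n")
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)


def run_demo():
    """Compare two constructed bundle directories (hypothetical bundle names)."""
    vapp = [("example.jcs.connectors.azure", "14.4.1"), ("example.jcs.common", "14.4"),
            ("example.jcs.connectors.common.rest", "14.4.1"),
            ("example.jcs.connectors.guestuser", "14.4.1")]
    remote = [("example.jcs.connectors.azure", "14.4.0"), ("example.jcs.common", "14.4.0"),
              ("example.jcs.connectors.common.rest", "14.4.0")]
    with tempfile.TemporaryDirectory() as root:
        for sub, bundles in (("vapp", vapp), ("remote", remote)):
            Path(root, sub).mkdir()
            for name, ver in bundles:
                make_jar(Path(root, sub, f"{name}.jar"), name, ver)
        return compare_bundles(Path(root, "vapp"), Path(root, "remote"))


if __name__ == "__main__":
    # Two directories given: compare them; otherwise run the constructed sample.
    report = compare_bundles(*sys.argv[1:3]) if len(sys.argv) == 3 else run_demo()
    for name, (va, vb) in report["mismatch"].items():
        print(f"MISMATCH {name}: vApp={va} remote={vb}")
    for side in ("only_a", "only_b"):
        for name in report[side]:
            print(f"{side.upper()} {name}")
    sys.exit(1 if any(report.values()) else 0)
```

Copy the Windows Remote Connector Server's bundle directory next to the vApp's (or run inventory() on each host and diff the two outputs) and pass the two directories on the command line; with no arguments the script runs on its constructed sample. A non-zero exit status means the two connector servers are not at the same bundle level, which is the condition the Resolution section addresses.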

Resolution

If the versions of the vApp Connector Server bundles and the Windows Server Remote Connector Server bundles in the IAM Connector Server JCS bundles differ, apply the following patch:

14.4.1 NON-VAPP - Hotfix# for Azure Microsoft API Graph and Guest user Enhancement:
https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111446&os=MULTI-PLATFORM

Note that the bundle versions on the two connector servers will still not be exactly the same after the patch is applied; that is expected.

After applying the hotfix, run the registerJavaConnectors command to deploy the latest Azure REST metadata in the Provisioning Directory. The command is documented in the hotfix notes:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/release-notes/Virtual-Appliance-Release-Notes/Hotfixes.html

After registerJavaConnectors has run, restart the dxserver, the IMPS and the IM server.

Make sure that the Microsoft Graph API URL, the OAuth 2.0 Token Endpoint (v2) URL and the OAuth Scope URL are entered correctly on the Azure endpoint, as described in the documentation:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-management-and-governance-connectors/1-0/connectors/microsoft-connectors/microsoft-azure/manage-azure-with-rest-connector.html#concept.dita_65480e1a9def53c7ed2ee520ab0d801c268499b0_CreateanAzureEndpointinCAIdentityManager

Additional Information

If the issue persists after applying this resolution, open a case with the support team for further investigation.