search cancel

Getting error PAM-CMN-072 when adding a target account to a Windows Proxy server and error 404 not found when trying to delete it

book

Article ID: 258250

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

During creation of accounts for a recently onboarded Proxy server, error 

PAM-CMN-072 An error occurred. If the issue persists please ask your systems administrator to investigate

is obtained

It is also not possible to subsequently delete the Proxy Server created as error

404 Not found

is displayed in the GUI

Environment

CA PAM release 4.0.1

Cause

In versions 3.3 and higher a change was introduced in the database schema that increased the value of the requestserverid field in the requestserver table in the cspm database to a bigint value. This change was also applied to the tables in the uag database in CA PAM. Tje requestserverid field is an incremental value which is not reused and which is shared accross a cluster. This value increases by 1000 every time a Proxy server or A2A requestserver is added to PAM and contains a offset for each cluster member (e.g. the node 1 will increment values from 1001 to 2001, 3001...; node 2 will increment values from 1002 to 2002, 3002... and so forth).

The difference between bigint and int is that in the first case it can accomodate values in the range from -9,223,372,036,854,775,808 to 9,223,372,036,854,775,807, whereas int can only contain values from -2,147,483,648 to 2,147,483,647.

It is highly unusual- but still possible- that a regular production environment reaches a situation where the requestserverid values go beyond the range covered by the int specification. Use cases that might cause this may include many failed attempts at registering servers or processes in loop which may cause large jumps in the value due to it not being reused.

In these situations, the database is prepared to accomodate values of type bigint, but part of the java code used to perform data manipulation still contained references to int in this version of the product 

Resolution

This is corrected in later 4.0.X versions as well as in version 4.1.X. Please consult Broadcom Support before moving to a higher version.

There is also a hotfix 4.0.1.23 which corrects this problem as well as other associated ones due to these discrepancies. Please contact Broadcom Support if this patch is required.