After upgrading CA PAM from 4.0 to 4.1 we found out that the VNC wasn't working, we did lots of researches although we weren't able to find a solution, we tried to update passwords as it says ''bad sso password'' but we got no result.
Release : 4.1
VNC access in fact was not configured with a password, but the PAM access policy had a target account configured for auto-login. The newer release will fail the access session, if it cannot successfully insert the configured credentials.
Review your VNC server configurations. They may have been changed at one point to not require a password to work around a problem. If you want to keep this configuration, removing the target account from the access policy in PAM should resolve the problem. Otherwise reinstate the VNC password requirement and make sure the configured password is in sync with the PAM target account that is used in the access policy.