Unable To Join PAM AWS Clusters With On-Premise Cluster


Article ID: 268674


Updated On:


CA Privileged Access Manager (PAM)


Over the weekend, I tried to join PAM clusters deployed in AWS (Oregon, Frankfurt & Sydney) with the On-Premise cluster. Only the Oregon cluster was successfully joined. The other 2 had this error message below:


Error: PAM-CMN-5083: Unable to turn on the cluster because one or more cluster members failed cluster start checks.

PAM-CMN-5128: NTP not properly configured.



For the Oregon cluster, I didn't have to define any NTP details. I'll need to know why this is coming up on the other 2. I also checked the Security groups defined in AWS to establish connection with PAM and it looks in order.




Release : Any


NTP was failing for a different reason in each region. One region could not reach the NTP service through its firewall, and the other was not resolving the FQDN defined for the NTP service.


At this time, it appears that NTP is available internally in AWS through the Amazon Time Sync Service or time.aws.com (see Amazon's documentation for the latest information on this service: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html).


Setting the NTP service to Amazon's internal service worked.
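
Both causes above produce the same PAM-CMN-5128 message, so it helps to tell them apart before changing the configuration. The following is an added example, not part of the original article or of PAM: a small SNTP probe that separates a name that does not resolve from an NTP server that does not answer. It assumes it is run from a host in the same subnet and security group as the affected PAM node, and that the NTP server names are passed as arguments (`time.aws.com` from the article is the default).

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_reply(data):
    """Return (stratum, server_unix_time) from a server reply or raise ValueError."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    if (data[0] & 0x07) != 4:
        raise ValueError("not a server-mode reply")
    if data[1] == 0:
        raise ValueError("stratum 0: server is unsynchronized or refusing")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp field
    return data[1], secs - NTP_EPOCH_DELTA + frac / 2**32

def check_ntp(host, timeout=3.0):
    """Classify one NTP server name: dns_failure, no_reply, bad_reply or ok."""
    try:
        infos = socket.getaddrinfo(host, 123, type=socket.SOCK_DGRAM)
    except socket.gaierror as exc:
        return {"status": "dns_failure", "detail": str(exc)}
    family, _, _, _, addr = infos[0]
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_request(), addr)
            data, _ = s.recvfrom(512)
    except OSError as exc:  # timeout or ICMP unreachable: UDP 123 is likely filtered
        return {"status": "no_reply", "detail": str(exc) or "timed out"}
    try:
        stratum, server_time = parse_reply(data)
    except ValueError as exc:
        return {"status": "bad_reply", "detail": str(exc)}
    offset = round(server_time - time.time(), 3)
    return {"status": "ok", "stratum": stratum, "offset_s": offset}

# Constructed sample reply (not captured traffic): server mode, stratum 2.
SAMPLE_REPLY = struct.pack("!BB38xII", 0x24, 2, 1700000000 + NTP_EPOCH_DELTA, 0x80000000)

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:] or ["time.aws.com"]:
        print(name, check_ntp(name))
```

A `dns_failure` result points at the resolver configuration for that region, while `no_reply` points at a firewall, security group or network ACL rule for UDP port 123.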