We have deployed PAM 4.0 along with two Utility Appliances in PRODUCTION. The Utility Appliances are basically used to forward all event logs to Splunk. We recently upgraded to PAM 4.1.2. The infrastructure had been working fine for the last 3 months since the upgrade.
Suddenly, one Utility Appliance stopped sending logs to Splunk. All services on the affected UA show status on. The second UA is working fine and sending logs to Splunk.
Release: 14.1
The client had snapshots enabled on the endpoints, but the PAM Utility message queue has no service to deliver snapshot information, because this is not a feature of PAM. The undelivered snapshot messages filled the message queue beyond its scope, causing it to fail.
The client needed to disable the snapshot option on all endpoints; otherwise, he would need to keep cleaning up the queue/snapshots in ActiveMQ.