Users connect to PAM through the cluster VIP address. Sporadically, the user will get logged off (either due to inactivity or because an admin logged them off) and get the following error when they try to log back in.

PAM-CMN-0916: This CA PAM appliance is in maintenance mode. Only admin level users can login.

Privileged Access Manager, all versions as of November 2024

This behavior is expected with the way the PAM client is currently coded.

When a user first connects to the PAM client, they will enter the cluster VIP in the address and connect.

The cluster VIP will then determine which appliance to direct the user and connect them to the login prompt. In this example, the VIP directed the user to the 101 appliance.

When that user gets disconnected, either by inactivity or by an admin logging them out, the PAM client will redirect them to the login prompt for the appliance they were connected to.

If that appliance was put into maintenance mode during the user's session, then they will get the PAM-CMN-0916 error when they try to login again.

There is an open feature request and development is looking how to change this behavior in a future release. For now, advise end users to hit the Back button any time they are forcibly logged out of PAM.