PAM UI is not accessble on one cluster member
Article ID: 279373
Updated On:
Products
Issue/Introduction
PAM End-users cannot get to the PAM UI, they get the error:
Failed to connect to CA Privileged Access Manager when trying to login.
If this affects a primary site cluster node, other primary site nodes will continue to show the problem node as active and in sync, as mysql database replication in the primary site does not need the web service.
Environment
4.1.0-4.1.5
Cause
The SPFD deamon, which is the front-end for web services and thus the process listening on the HTTPS port 443, failed and did not get restarted automatically.
Resolution
Reboot the node to resolve this problem.
Additional Information
In 4.1.6-4.2.0 there is a small risk that this problem can prevent the Credential Management component from working right after a cluster restart. The SPFD daemon is restarted automatically after a failure in these releases, but if this happens while the cluster is turning on, it's possible that the tomcat service handling Credential Management does not restart properly in cluster mode. The node would be accessible, but password retrieval would not work. This also can be resolved by a reboot. The problem is expected to be fixed for good in 4.2.1+.
Feedback
