"Endpoint cannot be created in this endpoint type" When Trying to Create Access Control for PUPM Endpoint
search cancel

"Endpoint cannot be created in this endpoint type" When Trying to Create Access Control for PUPM Endpoint

book

Article ID: 30152

calendar_today

Updated On: 05-22-2025

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

When trying to create a SAM/PUPM endpoint of type "Access Control for PUPM", it fails with the following error.

Error:  Endpoint cannot be created in this endpoint type. Details: Failed to authenticate user. Verify the user name or password Native error: org.apache.log4j.Logger.error(Ljava/lang/Object;Ljava/lang/Throwable;)V

 

Cause

This means that the Distribution_Server parameter on the Endpoint is not pointing to the Enterprise Manager you are creating the SAM/PUPM Endpoint on. This could be because the PUPM integration option was not chosen when the ControlMinder/Access Control agent was installed on the Endpoint. In this case, it needs to be installed. It could also be that the PUPM integration option was chosen, but is pointing to a different Distribution Server than the Enterprise Manager you are creating the SAM/PUPM Endpoint on. 

Resolution

It is possible, and may be the easier option, to just reinstall the endpoint, making sure you install the PUPM integration option and point it to the Enterprise Manager you are creating the SAM/PUPM Endpoint on. Alternatively, this can be corrected by changing the parameter Distribution_Server on the Endpoint.

 

On a Windows endpoint, this is located in the registry below. On Linux/Unix, this is located in accommon.ini as Distribution_Server in the [Communication] section.

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\Common\communication\Distribution_Server

For both Windows and Linux/Unix, change the value to:

ssl://<entm hostname>:<port> 

Where <entm hostname> is the hostname of the Enterprise Manager you are creating the SAM/PUPM Endpoint on and <port> is the communication port, e.g. ssl://ENTMServer.example.com:7243

 

 

Additional Information

Support for Shared Account Manager functionality ended on November 12th, 2022, according to this announcement. If Shared Account Management functionality is still being utilized, please contact your Broadcom account representative to discuss migration options.

 

For more information about the Distribution_Server token and other tokens within the [Communication] section, please refer to the Communication Registry documentation page for Windows, or the Communication (accommon.ini) documentation page for Linux.

Please note that it may also be required to update the communication password. Please refer to one of the following documentation pages for the instructions on how to update the communication password.

PIM 12.9: Changing Message Queue Communication Settings
PIM 14.0: Changing Message Queue Communication Settings