Login as an AD-user to ENTM Web UI takes a noticeable amount of time.

Article Id: 35748
Status: Published
Updated On: 11-05-2020 13:23
Legacy Id: TEC1742131
Products:
CA Privileged Access Manager - Server Control (PAMSC) , CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction:

Logging into the Enterprise Management GUI with an Active Directory user store takes a long time.

 

 

 

 

Cause:

This behavior can be caused by various reasons, including the following.

  1. The user belongs to a large number of nested AD user groups with many members.
  2. Active Directory is spreading over several trees.
  3. SSL is used to connect to AD and to ENTM's JBoss server.
  4. The user has been authorized to many privileged accounts in ENTM.

Resolution:

  1. If possible, simplify group assignments in AD for the ENTM user so the user is member of a few groups with few members only.
  2. Change the connection port number to 3268 (LDAP) or 3269 (LDAPs/SSL) for AD connection. Now SAM will search for Global Catalog.
  3. Configure ENTM so the My Privileged Accounts page does not automatically search upon login.

Additional Information:

Active Directory and Active Directory Domain Services Port Requirements:
https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

How to Change the Active Directory port for Privileged Identity Manager:
https://knowledge.broadcom.com/external/article?articleId=190536

How to disable auto-loading of My Privileged Accounts Tab:
https://knowledge.broadcom.com/external/article?articleId=66633