Database restore on DR node fails after upgrade from 4.1.1 to 4.1.6
Article ID: 376304

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A former production cluster member was taken out of the cluster and moved into a disaster recovery (DR) environment, following the instructions on the documentation page Cluster Backup and Disaster Recovery Process. This was done while running the PAM 4.1.1 release. Since then, both the cluster and the DR node have been upgraded to 4.1.6, but the DR node is now broken after restoring a 4.1.6 DB backup.

Cause

The PAM 4.1.2 release switched the crypto provider in non-FIPS mode from OpenSSL to WolfSSL (see New Features and Enhancements in 4.1.2). This introduced a new set of encryption files stored on disk. These files differ between nodes that are upgraded independently. Because the DR node never rejoined the cluster after the upgrade to 4.1.6, its encryption files were never brought in line with those of the cluster, so it could no longer decrypt any passwords stored in the DB.

Resolution

If possible, temporarily rejoin any DR node to the production cluster after a PAM upgrade. This is typically not mandatory, because most upgrades do not change the crypto provider. But any upgrade from 4.1.1 or lower to 4.1.2 or later will have this problem, and we cannot rule out that a future PAM release will again be disruptive to the DR environment. If the DR node cannot be brought back into the cluster even for a short time, contact PAM Support.

Additional Information

Information on how target account passwords are stored in PAM is found in KB 123064.