Cannot login to PAMSC ENTM server after upgrading the Windows AD servers



Article ID: 382673


Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

After upgrading the AD servers from Windows 2012 to Windows 2019 and enforcing the use of TLS 1.2 or higher for LDAP connections, no one can log in to the PAMSC ENTM servers. The only error reported is a bad user or password.

Environment

PAMSC 14.1

Cause

The original PAMSC 14.1 installation uses an outdated version of unboundid-ldapsdk-se.jar, which enforces the use of TLSv1. 

Resolution

Update to the latest PAMSC version. Alternatively, the unboundid-ldapsdk library can be updated to version 6.0.6, which defaults to using TLSv1.2; open a support ticket with Broadcom Support to obtain this jar file update.

 

Steps to apply the fix:

1. Download the attached unboundid-ldapsdk-6.0.6.jar file.
2. Stop the Wildfly Server.
3. Navigate to <WILDFLY_HOME>\standalone\deployments\IdentityMinder.ear\library
4. Back up the unboundid-ldapsdk-se.jar file.
5. Remove the unboundid-ldapsdk-se.jar file.
6. Copy unboundid-ldapsdk-6.0.6.jar to <WILDFLY_HOME>\standalone\deployments\IdentityMinder.ear\library
7. Navigate to <WILDFLY_HOME>\standalone\deployments\IdentityMinder.ear\user_console.war\WEB-INF\lib
8. Remove the unboundid-ldapsdk-se.jar file.
9. Copy unboundid-ldapsdk-6.0.6.jar to <WILDFLY_HOME>\standalone\deployments\IdentityMinder.ear\user_console.war\WEB-INF\lib
10. Navigate to <WILDFLY_HOME>\standalone
11. Delete the tmp folder.
12. Start the Wildfly Server.
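
The jar swap from the steps above as a PowerShell script, added here as an example and not supplied by Broadcom. It assumes Wildfly is already stopped and will be started again by the operator afterwards; the parameter names and the backup location are assumptions. It checks that no old jar remains in either directory and that each copied jar matches the downloaded file.

```powershell
# Added example: parameter names and the backup location are assumptions.
param(
    [Parameter(Mandatory)] [string] $WildflyHome,  # value of <WILDFLY_HOME>
    [Parameter(Mandatory)] [string] $NewJar,       # downloaded unboundid-ldapsdk-6.0.6.jar
    [string] $BackupDir = (Join-Path $env:TEMP "unboundid-backup-$(Get-Date -Format yyyyMMddHHmmss)")
)
$ErrorActionPreference = 'Stop'

$ear  = Join-Path $WildflyHome 'standalone\deployments\IdentityMinder.ear'
$libs = @(
    (Join-Path $ear 'library'),
    (Join-Path $ear 'user_console.war\WEB-INF\lib')
)
$oldName = 'unboundid-ldapsdk-se.jar'
$newName = 'unboundid-ldapsdk-6.0.6.jar'
$newHash = (Get-FileHash -LiteralPath $NewJar -Algorithm SHA256).Hash

# Fail before changing anything if either target directory is missing.
foreach ($lib in $libs) {
    if (-not (Test-Path -LiteralPath $lib -PathType Container)) { throw "Missing directory: $lib" }
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$n = 0
foreach ($lib in $libs) {
    $n++
    $old = Join-Path $lib $oldName
    if (Test-Path -LiteralPath $old) {
        # Move the old jar out of the deployment so it cannot stay in a lib directory.
        Move-Item -LiteralPath $old -Destination (Join-Path $BackupDir "$n-$oldName")
    }
    Copy-Item -LiteralPath $NewJar -Destination (Join-Path $lib $newName) -Force
}

# Delete the tmp folder under standalone.
$tmp = Join-Path $WildflyHome 'standalone\tmp'
if (Test-Path -LiteralPath $tmp) { Remove-Item -LiteralPath $tmp -Recurse -Force }

# Verify: only the new jar is present, and it is byte-identical to the download.
foreach ($lib in $libs) {
    $leftover = Get-ChildItem -LiteralPath $lib -Filter 'unboundid-ldapsdk*.jar' |
        Where-Object Name -ne $newName
    $hash = (Get-FileHash -LiteralPath (Join-Path $lib $newName) -Algorithm SHA256).Hash
    if ($leftover -or $hash -ne $newHash) { throw "Verification failed in $lib" }
    '{0}: OK (SHA256 {1})' -f $lib, $hash
}
"Old jars backed up to $BackupDir"
```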