We are attempting to create a PAM Endpoint from CA Identity Manager but are encountering the following error:
ETA_E_0016<AAC>, Account for Global User 'test' on Endpoint 'PAM_TEST' creation failed: :ETA_E_0004<AAC>, Account 'TEST' on 'PAM_TEST' creation failed: Connector Server Add failed: code 53 (UNWILLING_TO_PERFORM): failed to add entry eTDYNDirectoryName=PAM_TEST,eTNamespaceName=CA Privileged Access Manager,dc=im,dc=etasa: JCS@TEST: PAM: peer not authenticated (ldaps://xx.xx.xx.xx:20411).
The process works successfully in an environment with IM 14.5 and PAM 4.1, but it fails in another environment using IM 14.5 and PAM 4.2.
According to Broadcom's tech documentation, Symantec Privileged Access Manager 4.1.1 is officially supported:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-5/platform-support-matrix/connectors-and-endpoint-types.html
Are IM 14.5 and PAM 4.2 compatible?
Release : 14.5
Component : CA Identity Suite Virtual Appliance
As of February 18, 2025, Engineering confirmed that the PAM 4.2 version is not certified with IDM 14.5, but we expect it to work without any code changes.
We are able to acquire the PAM 4.2 endpoint in our 14.5.1 CHF1 lab successfully. We also saw the same error, "PAM: peer not authenticated", and it was caused by the value of the "PAM Server" attribute.
This value needs to match the Subject Alternative Name (SAN) in the certificate presented by the PAM server; in our example the test.com hostname is the same name that appears in the SAN of the PAM certificate.
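The check described above, as an added Python example that is not part of this article or of the Broadcom products: it compares a configured "PAM Server" value against the SAN entries of a certificate (a constructed sample in the dict format returned by Python's `ssl` module), so a mismatch can be found before the connector reports "peer not authenticated". The hostnames, the IP address and the `fetch_peer_cert` helper (which verifies the chain against a CA file but leaves the hostname check to `matches_san`) are assumptions for illustration; the port 20411 is the one shown in the error message.

```python
"""Check whether a configured "PAM Server" value is covered by the SAN of the
certificate a PAM host presents over LDAPS (port 20411 in the error above)."""
import socket
import ssl

# Constructed sample in the layout returned by ssl.SSLSocket.getpeercert();
# only the subjectAltName entries matter for this check. Names are assumptions.
SAMPLE_CERT = {
    "subject": ((("commonName", "pam.test.com"),),),
    "subjectAltName": (("DNS", "pam.test.com"),
                       ("DNS", "*.lab.test.com"),
                       ("IP Address", "10.0.0.5")),
}

def _dns_match(pattern, hostname):
    """RFC 6125 style match: a wildcard is allowed only as the whole leftmost
    label and covers exactly one label (no '*' inside a label, no deeper match)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")[1:]
    h_labels = hostname.split(".")
    return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels

def matches_san(cert, configured_name):
    """True if configured_name (DNS name or IP literal) appears in the SAN.
    An IP address configured as PAM Server must be present as an IP SAN;
    a CN in the subject alone is not enough for this check."""
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and _dns_match(value, configured_name):
            return True
        if kind == "IP Address" and value == configured_name:
            return True
    return False

def explain(cert, configured_name):
    """One-line verdict naming the SAN entries that were compared."""
    sans = ", ".join(f"{k}:{v}" for k, v in cert.get("subjectAltName", ()))
    if matches_san(cert, configured_name):
        return f"OK: '{configured_name}' matches SAN [{sans}]"
    return (f"MISMATCH: '{configured_name}' not in SAN [{sans}]; "
            "set PAM Server to one of the SAN names or reissue the certificate")

def fetch_peer_cert(host, port=20411, cafile=None):
    """Fetch the certificate a live PAM host presents (network call). The chain is
    verified against cafile (or the system store) so getpeercert() is populated;
    a chain failure raises SSLCertVerificationError, which is a trust-store
    problem rather than the SAN mismatch this script is looking for."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # hostname is checked by matches_san instead
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Run `explain(fetch_peer_cert("pam.test.com"), "<value of the PAM Server attribute>")` against a lab host to see which SAN names the endpoint definition may use.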