A new Active Directory target account is being added to PAM, but the following error occurs when trying to save it.
PAM-CM-0572: An error occurred; if this problem persists then please ask your Administrator to investigate.
Privileged Access Manager 4.2.1 & 4.2.2 with Active Directory target accounts
PAM-CM-0572 is a generic error message with a number of possible causes. In this scenario, the issue was caused by a bad password for the AD account. The Tomcat logs showed the following error at the time the issue occurred. The "data 52e" value in the LDAP error means the username or password was incorrect.
2025-03-26T20:07:02.907+0000 SEVERE [com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager] com.cloakware.cspm.server.plugin.targetmanager.CreateLDAPContextAction.performCreateLdapContext Error creating LDAP Context: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090510, comment: AcceptSecurityContext error, data 52e, v4563]
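To find the real cause behind a generic PAM-CM-0572 in the Tomcat logs, the following added example (not part of the original article or of PAM itself) extracts the Active Directory sub-code from LDAP error 49 entries. It goes beyond the 52e case above by also mapping the other commonly documented AD bind sub-codes; the function name and the second and third sample lines are constructed for illustration.

```python
import re

# Active Directory sub-codes reported in the "data" field of LDAP error 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong username or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Captures the leading timestamp, the LDAP result code and the AD sub-code.
BIND_FAILURE = re.compile(
    r"^(?P<ts>\S+)\s+SEVERE\s+.*?LDAP: error code (?P<code>\d+)\b.*?"
    r"AcceptSecurityContext error, data (?P<sub>[0-9a-fA-F]+)"
)

def explain_bind_failures(lines):
    """Return (timestamp, ldap_code, sub_code, meaning) per AD bind failure."""
    findings = []
    for line in lines:
        m = BIND_FAILURE.search(line)
        if not m:
            continue  # not an AD bind failure entry
        sub = m.group("sub").lower()
        meaning = AD_BIND_SUBCODES.get(sub, "unrecognised sub-code")
        findings.append((m.group("ts"), int(m.group("code")), sub, meaning))
    return findings

# First entry is the log line quoted in this article; the rest are constructed.
_TAIL = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090510, comment: AcceptSecurityContext error, data %s, v4563]"
SAMPLE_LOG = [
    "2025-03-26T20:07:02.907+0000 SEVERE [com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager] "
    "com.cloakware.cspm.server.plugin.targetmanager.CreateLDAPContextAction.performCreateLdapContext "
    "Error creating LDAP Context: " + _TAIL % "52e",
    "2025-03-26T20:09:41.115+0000 SEVERE [constructed.example] Error creating LDAP Context: " + _TAIL % "775",
    "2025-03-26T20:10:00.000+0000 INFO [constructed.example] unrelated entry",
]

if __name__ == "__main__":
    for ts, code, sub, meaning in explain_bind_failures(SAMPLE_LOG):
        print(f"{ts} LDAP error {code}, data {sub}: {meaning}")
```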
Update the account in AD and set its password to match the one being stored in PAM. Once the username and password match, the account will save successfully.
The generic PAM-CM-0572 error has been corrected as DE632458 in the 4.2.3 release. The code change is also included in the 4.3 release.