Error is PAM-CM-4056: Change Process account must be a Windows Remote Administrator on the same application
search cancel

Error is PAM-CM-4056: Change Process account must be a Windows Remote Administrator on the same application

book

Article ID: 409150

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

You have a Service Account in AD, this account is added into CA PAM
You have a Windows Remote Target Device added
You want to manage the local account of the Windows Remote host
The AD Account is added to the local Administrators Group on the Windows Remote Host
Verified the RDP login works with the local account in the Windows Remote Host
When you are trying to verify the password of the local account in the Windows Remote Host, you get the error as mentioned below.
"PAM-CM-4056: Change Process account must be a Windows Remote Administrator on the same application."

Environment

CA PAM 4.2.x

Cause

Configure Windows Remote Target Accounts

  • If you select the magnifying glass next to "Use the following account to change password" for the Change Process, a Target Account dialog appears. Select an account that is of Administrator account type from the same Windows

Resolution

This is a product limitation, you need a local account, it is hardcoded not allowing a domain account for that purpose.

Attachments

36542042-error-message.jpg get_app
Powered by Wolken Software