After upgrade of a CA PAM cluster, the password management component is unable to start

book

Article ID: 7430

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

An upgrade of a CA PAM 2.5.6 cluster to 2.6 was being performed.

The following steps had been undertaken:

  • The admin had stopped the cluster as a prerequisite for the upgrade.  The VIP address for the cluster used to be 10.1.10.54
  • The admin wanted all users to still be able to access the standalone upgraded node using the VIP address
  • As a result, the admin changed the IP address of the cluster interface of this upgraded node from 10.1.10.55 to 10.1.10.54 in the Network Config page
  • After restarting Password Authority (for instance via a reboot) as part of the upgrade process, the admin was no longer able to access the Password Authority UI: each attempt logs the user out and in the Password Management catalina.out log, the following message is displayed: DataSourceManager.initialize Could not find local IP address.

Cause

Password Authority as part of startup will verify that if the cluster is configured, even if off,  the node it is starting in is a member of the cluster. If it fails to find itself in the cluster member list, it will shut down.

When the IP address of the node was changed from 10.1.10.55 to 10.1.10.54, the cluster configuration was not updated so that, as a result, the cluster configuration still contained the 10.1.10.55 address and not the node’s new address of 10.1.10.54.

This resulted in PA failing to start.

 

Environment

Release: PAMDKT99500-2.7-Privileged Access Manager-NSX API PROXY
Component:

Resolution

Updating the cluster configuration member list to change the node IP from 10.1.10.55 to 10.1.10.54 allowed Password Management to start fine