Error Message:- Message 24003: A potential tampering attempt has been detected, the end-user's local system may be compromised. Account deactivated.
Article ID: 93603
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
The user account get's deactivated after the first login and the following error message is logged in the session log. "Error Message:- Message 24003: A potential tampering attempt has been detected, the end-user's local system may be compromised. Account deactivated."
Environment
CA PAM 2.8.x or any release of CA PAM.
CA PAM can be either a standalone setup or an cluster environment.
The connection to CA PAM is performed over a VPN connection.
Cause
One of the main factor for this kind of a problem is existence of a VPN connection between the location from where the login is being performed and CA PAM Server, the connection is being performed across an insecure VPN is not trusted.
Resolution
To fix this problem, the certificate from the CA PAM server needs to be exported and deployed on the VPN application so that the incoming connections over the VPN are secure and are trusted.
Below are the steps for exporting the certificate:
- Login to CA PAM server
- Click on Config-->Security
- Scroll till "Download Certificate or CSR
- Please download the Certificate from here and also provide a passphrase (Password)
- The Certificate name can be the default or this can be modified if required, the default name is "gkcert.crt"
- This password would be required while importing this Certificate in the VPN
- After the certificate is installed on the VPN server, the problem is users being deactivated is resolved.
Additional Information
The deactivated in user is displayed under the "Users-->Manage Disabled Users" in CA PAM 2.8.x release
In case of CA PAM 3.x release the deactivated user is displayed under the "Users" tab itself.
Feedback
Yes
No
Powered by
