The user account get's deactivated after the first login and the following error message is logged in the session log. "Error Message:- Message 24003: A potential tampering attempt has been detected, the end-user's local system may be compromised. Account deactivated."
CA PAM 2.8.x or any release of CA PAM.
CA PAM can be either a standalone setup or an cluster environment.
The connection to CA PAM is performed over a VPN connection.
One of the main factor for this kind of a problem is existence of a VPN connection between the location from where the login is being performed and CA PAM Server, the connection is being performed across an insecure VPN is not trusted.
To fix this problem, the certificate from the CA PAM server needs to be exported and deployed on the VPN application so that the incoming connections over the VPN are secure and are trusted.
Below are the steps for exporting the certificate:
Login to CA PAM server
Click on Config-->Security
Scroll till "Download Certificate or CSR
Please download the Certificate from here and also provide a passphrase (Password)
The Certificate name can be the default or this can be modified if required, the default name is "gkcert.crt"
This password would be required while importing this Certificate in the VPN
After the certificate is installed on the VPN server, the problem is users being deactivated is resolved.
The deactivated in user is displayed under the "Users-->Manage Disabled Users" in CA PAM 2.8.x release
In case of CA PAM 3.x release the deactivated user is displayed under the "Users" tab itself.