CA PAM login shows dashboard error message
Error: PAM-CM-0039: Unable to perform the operation. Please contact System Administrator.
PAM-UI-1702: No features are currently available
and syslog error shows the below for the same -
Unauthorized access to service controller
we observed this behavior when the particular node is part of the cluster and when we stop the cluster and try to login, it works fine. there was no error on cluster status or cluster logs.
Root cause please ?
Hello Bipin, this is too generic of an error to comment on. Please open a support case and attach the system logs from the Configuration > Diagnostics page. Assuming this is for PAM 3.X, you would expand Diagnostics in the Configuration menu on the left, select "Diagnostic Logs”, go to the "Download' page and click the DOWNLOAD button to the right of the CHOOSE FILE button.
BipinSh there is an internal thread around this as well and at least one other support ticket. If you are seeing this on nodes in secondary cluster, the behavior is similar.
That's right Richard. we are seeing this issue very frequently now and all secondary cluster nodes are getting affected. we can not stop and start cluster daily as it impacts end users activities. Please suggest.
I would open a support ticket if you have not already, so that your examples can be added to the existing research.
I did opened one ticket (00980452)with CA Support, but the answer was same that whenever this issue occurs we have to bring down the cluster and start again, which is not acceptable by end user. Please suggest if any patch or permanent fix is available for this issue. Daily we are facing this issue.
This ticket is still open. Please use the support ticket for communication until the problem is resolved.
I am currently facing the same issue.
Both errors (PAM-CM-0039 & PAM-UI-1702) showed when using CA PAM client.
While using the web browser, only PAM-UI-1702 appeared.
Is this issue fixed?
Yes, this was fix in hotfix 3.1.1.09 version. Go ahead and install it.
Thank you for your reply.But I believe this particular hotfix had been removed from the website: CA Privileged Access Manager Solutions & Patches - CA Technologies
Then it may be included in the current version of PAM, what version you are on?
I am currently running on 3.1.1.03
03 version doesn't have this fix. On your support ticket, ask for the hotfix 3.1.1.09, you should be good.
This issue can also occur if your /tmp becomes full.
For example, you were troubleshooting some issues and enabled debugging in many logs.
When you click on "Download System Logs" button, PAM will zip /var/logs, /opt/cloacware/*** and /opt/shibboleth-idp/*** folders and store them in /tmp/logs.tar.gz
Then PAM would encrypt this file and create /tmp/logs.bin file.
Let's say your /tmp partition was 2GB and the logs.tar.gz was generated to be 1GB.
Then logs.bin file will be generated which would be slightly larger than the logs.tar.gz file.
So, while creating logs.bin file, the /tmp partition might get full and this can affect running services from operating.
When you try to logon to PAM, you should still be able to logon but will see PAM-CM-0039(Unable to perform the operation) and PAM-UI-1702(No features are currently available).
If you had Debug SSH service enabled, then support can login via SSH and check if the /tmp partition is indeed full.
This would be one of the causes that can result in these errors.