Symantec Privileged Access Management

  • 1.  User account gets deactivated

    Posted Jul 08, 2019 07:04 PM

    Greetings,

    I was wondering why CA PAM user accounts would get deactivated. I am aware that this is a possibility due to inactivity, yet I had to activate 2 user accounts that were able to access the application 2 days ago since their accounts were "deactivated". The PAM-CMN-1174 error was received by the users while they were using the application. The users received the deactivation message while in a session. What may cause this?

    Please advise, 



    ------------------------------
    Thank you,

    Toygan 
    ------------------------------


  • 2.  RE: User account gets deactivated
    Best Answer

    Broadcom Employee
    Posted Jul 08, 2019 07:09 PM
    Hi,

    Accounts can be deactivated for the following reasons:

    As you mentioned:

    >> Our setting for Inactive after (Days) setting

    We can also deactivate users:

    >> Incorrect login attempts (Global Settings -> Password -> Failure Limit)

    >> If you are using PAM Socket/Command Line Filters Policies: inside the configuration there is an option to disable an account after various violations.

    Finally, which is probably the scenario you are running into and will be logged to the session log:

    PAM-CMN-1167: A potential tampering attempt has been detected, the end-user''s local system may be compromised. Account deactivated.

    This happens for a combination of reasons:

    >> Certificate mismatch problems

    >> Load Balancers are terminating the SSL connection

    >> Insecure VPN

    Here are some knowledge documents on these scenarios:

    > https://ca-broadcom.wolkenservicedesk.com/kb/error-message-message-24003-a-potential-tampering-attempt-has-been-detected-the-end-user-s-local-system-may-be-compromised-account-deactivated/kb000093603

    > https://ca-broadcom.wolkenservicedesk.com/kb/user-disable/kb000107680
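For the certificate mismatch and SSL-terminating load balancer causes listed in the reply above, one diagnostic is to compare the certificate presented on each network path a user can take to the appliance. This is an added example, not part of the reply and not Broadcom tooling; the hostnames are placeholders passed on the command line, and it assumes a device that terminates TLS presents a different certificate than the appliance does.

```python
import hashlib
import socket
import ssl
import sys


def fingerprint(pem: str) -> str:
    """SHA-256 fingerprint of the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_pem(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return the leaf certificate presented at host:port.

    Validation is switched off on purpose: the goal is to record what each
    path presents, including certificates that would fail validation.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def compare_paths(certs: dict) -> dict:
    """Group path labels by the fingerprint of the certificate seen on them.

    certs maps a label (for example "direct", "load-balancer", "vpn") to the
    PEM certificate observed on that path. More than one group means at least
    one path presents a different certificate than the others.
    """
    groups = {}
    for label, pem in certs.items():
        groups.setdefault(fingerprint(pem), []).append(label)
    return {"consistent": len(groups) == 1, "groups": groups}


if __name__ == "__main__":
    # Usage: script.py <appliance-address> <load-balancer-address> ...
    # (addresses are supplied by the operator; none are taken from the page)
    seen = {host: fetch_pem(host) for host in sys.argv[1:]}
    result = compare_paths(seen)
    for fp, labels in result["groups"].items():
        print(fp, ", ".join(labels))
    print("consistent" if result["consistent"] else "MISMATCH between paths")
```

Matching fingerprints do not rule out TLS termination by a device that has been given the appliance's own certificate and key, so a clean result narrows the cause rather than excluding it.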