Symantec Privileged Access Management

 View Only
  • 1.  Account keep on turning to unverified everyday

    Posted Oct 24, 2019 06:25 AM

    Hi Team,

    Seems like i'm having some Unix server account keeps on changing to unverified everyday. This is only happening on few of the Unix server.

    It does not shown as failed verification, but its in the unverified mode. So i have to manually verified the account everyday for this.

    any idea why that is happening ?.  and what is actually happening in the background when we are verifying the account ?

    This environment is CAPAM Version 2.8.3.

    Appreciate your help in advance.

    Thanks.



  • 2.  RE: Account keep on turning to unverified everyday
    Best Answer

    Broadcom Employee
    Posted Oct 24, 2019 10:00 AM
    Hi Afrezal, First of all, 2.8.3 has been End of Support for a year now, so you are running an unsupported release. You have to upgrade. Here are possibilities I can think of:
    - The accounts are used daily and have a Password View Policy that will try to change the password after use. When an attempt to update the password fails, the account will show as unverified, even though the current password may still be the right one.
    - You have a daily job configured that verifies all synchronized accounts, but this fails at the time the job runs (rather unlikely given that they verify just fine when you do it manually).
    - You have Credential Management configured to automatically update expired passwords and the passwords of these accounts are older than the maximum password age configured in the Password Composition Policy associated with the target applications these accounts belong to.

    If the problem is that the account updates fail, setting tomcat log level to INFO, trying to update the password and then reviewing the latest tomcat log entries should give you clues as to why it fails. You won't be able to get help from support until you upgrade to a supported release (3.1, 3.2, 3.3).