Symantec Privileged Access Management

All having an issue within PAM and not sure what is the cause. 

I get the error message "PAM-CM-1203: Account is disabled" when verifying the password. 

however the account is not disabled in Active Directory. Has any one seen this error.  I tried to research the error and could not find it on Broadcom's KBase. 



Thanks again.

E.

Hello Everton, This error maps to Windows error

ERROR_ACCOUNT_DISABLED

1331 (0x533)

This user can't sign in because this account is currently disabled.

I don't see how we could show this if we did not get error 1331 back from AD. Did you verify that the DN is configured correctly in the target account and doesn't point to an account different from the one you were looking at?
Original Message:
Sent: 06-22-2021 01:13 PM
From: everton foster
Subject: Account is disabled

All having an issue within PAM and not sure what is the cause.

I get the error message "PAM-CM-1203: Account is disabled" when verifying the password.

however the account is not disabled in Active Directory. Has any one seen this error.  I tried to research the error and could not find it on Broadcom's KBase.



Thanks again.

E.

Everton,

Confirm that the account is not set with an expiration date.  I don't believe it sets the "account disabled" flag when this date is reached, but all access to the account treats it as though it was disabled.




Original Message:
Sent: 06-22-2021 01:13 PM
From: everton foster
Subject: Account is disabled

All having an issue within PAM and not sure what is the cause.

I get the error message "PAM-CM-1203: Account is disabled" when verifying the password.

however the account is not disabled in Active Directory. Has any one seen this error.  I tried to research the error and could not find it on Broadcom's KBase.



Thanks again.

E.

GM All,

I was able to resolve the issue by creating a new AD target account. I did check all of the above. Not sure why the error. I think maybe the distinguished name may have led back to a deactivated account.  

Thanks again for your help. Much appreciated.
Original Message:
Sent: 06-23-2021 10:33 AM
From: Joseph Fry
Subject: Account is disabled

Everton,

Confirm that the account is not set with an expiration date.  I don't believe it sets the "account disabled" flag when this date is reached, but all access to the account treats it as though it was disabled.




Original Message:
Sent: 06-22-2021 01:13 PM
From: everton foster
Subject: Account is disabled

All having an issue within PAM and not sure what is the cause.

I get the error message "PAM-CM-1203: Account is disabled" when verifying the password.

however the account is not disabled in Active Directory. Has any one seen this error.  I tried to research the error and could not find it on Broadcom's KBase.



Thanks again.

E.