top of page
Writer's pictureSandeep Pawar

Common issues in CyberArk PAM and corresponding troubleshooting steps:



1. Password Rotation Failures


Issue: Password rotation fails for managed accounts.

Troubleshooting:

• Check if the target system is reachable from the vault server (network/firewall issues).

• Ensure that the account being used for password rotation has the correct privileges on the target system.

• Verify that the platform configuration is correct (e.g., SSH, RDP settings).

• Check the logs in PVWA for detailed error messages and use CyberArk Password Vault Web Access (PVWA) to diagnose rotation issues.


2. Connectivity Issues between Vault and Target Systems


• Issue: Inability to connect to target systems or devices.

• Troubleshooting:

• Verify that all network ports are properly opened between the CyberArk components (Vault, PVWA, CPM) and the target systems.

• Ensure the DNS configuration is correct so the target systems can be resolved by their FQDN.

• Test basic connectivity using tools like ping, telnet, or ssh to confirm communication.

• Check the vault logs for communication issues or timeout errors.


3. Session Recording Not Working


• Issue: Privileged Session Manager (PSM) not recording sessions.

• Troubleshooting:

• Confirm that PSM is properly installed and configured on the server.

• Check the session recording path to ensure it has enough disk space.

• Verify that the PSM connector is correctly defined for the specific target system (e.g., RDP, SSH).

• Review the PSM logs for any errors related to recording or access failures.


4. Authentication Failures (PVWA, Vault Access)


• Issue: Users are unable to authenticate via the PVWA or access the vault.

• Troubleshooting:

• Ensure that the user account is not locked or disabled in the vault.

• Verify that the user has the appropriate permissions in CyberArk’s vault policy and Active Directory (AD) if SSO is used.

• Check if Multi-Factor Authentication (MFA) is enabled and whether there are issues with MFA tokens.

• Check the IIS settings on the PVWA server for any web authentication issues.

• Review PVWA logs for detailed error messages.


5. Account Discovery Issues


• Issue: CyberArk fails to discover all privileged accounts within a network or system.

• Troubleshooting:

• Ensure that the Account Discovery tool has the necessary network access and permissions to scan the systems.

• Verify the credentials used by Account Discovery have sufficient privileges to access remote systems.

• Check for firewall restrictions or access control that may prevent successful scanning

71 views0 comments

Recent Posts

See All

Comments


bottom of page