CA PAM Server is starting up. Please try again later.
search cancel

CA PAM Server is starting up. Please try again later.

book

Article ID: 115729

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

When trying to connect to a CA PAM appliance the error below is encountered:


"CA PAM Server is starting up. Please try again later."

 
  • After allowing 10+ minutes for the CA PAM Server to finish starting up the same error occurs
  • This can effect any number of appliances
  • Rebooting the appliance(s) does not solve the problem

Environment

Release: 4.0
Component: CAPAMX

Cause

This error usually occurs when a PAM Appliance is starting up and thinks that it is already in an active cluster during startup. When this happens, PAM may not be able to re-join the cluster (depending on what type of site the node is a member of) and will instead stop itself from starting the web server fully because it finds that it has been deactivated from the cluster or can't reach it's cluster members.

Common causes of this situation are:

  • Rebooting PAM Nodes while the Cluster is turned on (Note: PAM will not allow graceful shutdown from the GUI when clustered)
  • Reverting a VM PAM appliance to a snapshot that was taken while the cluster is running
  • Network issues or vMotion may cause split-brain situations which can lead to this problem during reboot

Resolution

Before proceeding to the steps listed below you may find that rebooting the node from the VM console (VMware, AWS, or Azure) or from the LCD panel for physical hardware may allow the appliance to start normally after waiting some time. Since the steps below may take some time it is beneficial to at least try restarting once after waiting about an hour.

 

To resolve this this issue, follow these steps:

 

Depending on your current cluster status, it is possible that step 4 can shut down the whole cluster. The cluster will need to be shut down anyway to bring the effected node(s) back in, so it is recommended to shut the rest of the cluster down first if it is currently running.

  1. Navigate to the following link in a Web Browser: https://<PAM_Address>/config/?legacy=1 or https://<PAM_Address>/config/
  2. Login as the config user
  3. Navigate to: Configuration > Clustering
  4. Click the button "Turn Cluster Off".
  5. The cluster will turn off on this node and possibly other nodes if they were still clustered. Ensure clustering is shut down on each effected node before continuing.
  6. Once clustering is shut down on the effected nodes the standard login page becomes active for logins. Login to confirm everything is working.
  7. Either restart the Cluster if clustering will continue to be used  (Configuration > Cluster > Turn Cluster On) or if this node is being removed from the cluster Unlock it's Database (Configuration > Cluster > Unlock Me)



Tips to prevent this situation from happening again:



  • Never pull the power plug or otherwise reboot PAM while the cluster is enabled unless directed to by Support
  • Ensure the cluster is turned off or the individual node has been safely removed before patching or other major changes
  • Never take LIVE (running) VM snapshots of PAM Appliances (Snapshots taken while PAM is powered off are acceptable)
  • Disable vMotion for all PAM Appliances

Additional Information

Default credentials for the Config User:

User:  config

Password:  config

Attachments

1558687664564000115729_sktwi1f5rjvs16fct.png get_app