Symantec Privileged Access Management

  • 1.  Access Denied trying to access Index page

    Posted Jun 20, 2017 03:09 PM

    I was in the process of configuring PKI Smartcard Authentication and clicked the "Login page without CAC" option in the Config-->Security-->PKI Options section and now can't even get to the Index age to login with the Super account and uncheck that option. Does anyone know how I can get back into the Admin page? I was doing this via web.

    I even tried to launch the client to bypass certificate authentication but got stuck when client tried to update.

    I got the following error. "Checking for update failed. Reason: Permission Denied: Connect".



  • 2.  Re: Access Denied trying to access Index page
    Best Answer

    Broadcom Employee
    Posted Jun 20, 2017 03:30 PM

    Hello Bashir,

    You should be able to access the config page https://<PAM server>/config/, log on as the config user and uncheck the option.



  • 3.  Re: Access Denied trying to access Index page

    Posted Jun 20, 2017 07:04 PM

    Thank you so much for your assistance Ralf. You saved the day for me. I want to give back to the community by posting this step-by-step procedure.

    During PKI configuration if you find yourself unable to log back into PAM, use the config credentials to log back in and uncheck the “Login Page Without CAC” checkbox.

    This happened to me and I wanted to document it to help others. I inadvertently put a check mark in the “Login Page Without CAC” option after uploading the root certificates and logged off to test. When I tried to login with my CAC, I couldn’t. I got an “Access Denied” error. Since I put a check mark in the “Login Page Without CAC” option, I no longer had the option to login with username and password and couldn’t even get back into PAM to uncheck it. My buddy Ralf of CA Technologies helped me get back in and uncheck it.

               1) Navigate to the your PAM Server URL and add a /config at the end of it.
                                     https://yourPAMservername/config/

               2) Enter credentials

                                     Username: config

                                     Password: Use the password that was set by your PAM Admin. If you don’t have the password, try the default password which is config. If the config password doesn’t                                  work, you can reset it from the VM.

                3) Open the VM console. Scroll down to "Reset Password". Select OK to confirm action.

                4) Once the config password has been reset, try to login to the config page again using the "config" for username and "config" for password without the quotes

                5) Click Config and go to the Security tab

                6) Uncheck “Login Page Without CAC” and click update. Then logoff and you’re all set!