Symantec Privileged Access Management

  • 1.  Account Passwords Update Attempts Report

    Posted Feb 14, 2018 04:00 PM

    Currently using PAM Xsuite 2.8.3 and I just ran the Report Name: Account Passwords Update Attempts. The report generated into a csv file. Can anyone explain the following two columns Chan & Gen'd in detail?

     

    Chan Column: What are the codes TRUE, 15212, 15220, 5995, 1600, etc.?

    Gen'd Column: What is the difference between the TRUE and FALSE output?



  • 2.  Re: Account Passwords Update Attempts Report
    Best Answer

    Posted Feb 14, 2018 09:01 PM

    Hi, 

     

    "Chan" means "Changed".

    This has been updated in the PAM 3.1.1 version (I have not checked 3.0.x).

    It will appear as "Changed".

     

    If the password change attempt was successful, then you will see "TRUE" in the value.

    If it failed, then you will see the error codes listed below.

    Credential Manager Error Codes and Messages - CA Privileged Access Manager - 2.8.3 - CA Technologies Documentation 

     

    • error.code.15212=Failed to establish a communications channel to the remote host.
    • error.code.15220=A problem occurred while executing the script processor.  Please try your request again or contact your Administrator.
    • error.code.5995=Failed to update the account credentials.  Review the log file for further information or else contact your Administrator.
    • error.code.1600=Failed to synchronize password with target.  If this problem persists then please ask your Administrator to investigate.

     

    I do not have any info on what the "Gen'd" would mean (although one can assume it could be "Generated").

    I will let other people chime in on that part.

    FYI, checked on PAM 3.1.1 and it still shows as "Gen'd".

     

    I have notified the documents team to make improvements in this area.



  • 3.  Re: Account Passwords Update Attempts Report

    Posted Feb 15, 2018 08:43 AM

    Thank you, Kim, for this feedback; this helps out a lot. Do you know if there's a report out there that will display any accounts that are locked due to failed password change?



  • 4.  Re: Account Passwords Update Attempts Report

    Posted Feb 18, 2018 08:40 PM

    Hi, EricFleming82375821

    Can you create a new question so that we can manage the questions and answers in a more searchable way?

     

    Cheers,
    Kim



  • 5.  Re: Account Passwords Update Attempts Report

    Broadcom Employee
    Posted Feb 16, 2018 05:49 AM

    Correct, "Gen'd" means whether PAM generated a random password for that password change, or whether the password was manually input.

    TRUE = password generated randomly by PAM.

    FALSE = PAM admin manually entered password, or scheduled job configured to use a user inputted password, or scheduled job configured to use the same password for multiple accounts (i.e. only first account has randomly generated password, all other accounts re-use the same password).
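
A triage pass over the exported CSV, using the meanings of "Chan" and "Gen'd" given in the answers above. This is an added example, not part of the thread and not Broadcom/CA code. Only the "Chan"/"Changed" and "Gen'd" column names and the four error codes come from the thread; the "Account" and "Time" column names and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# First sentence of each error message quoted in the thread (2.8.3 docs).
ERROR_CODES = {
    "15212": "Failed to establish a communications channel to the remote host.",
    "15220": "A problem occurred while executing the script processor.",
    "5995": "Failed to update the account credentials.",
    "1600": "Failed to synchronize password with target.",
}

# Constructed sample. "Account" and "Time" are assumed header names;
# adjust them to match the header row of the real export.
SAMPLE_CSV = """Account,Time,Chan,Gen'd
svc-db01,2018-02-14 10:00,TRUE,TRUE
svc-web02,2018-02-14 10:05,15212,TRUE
svc-web02,2018-02-14 11:05,15212,TRUE
root@app03,2018-02-14 10:10,TRUE,FALSE
svc-ldap04,2018-02-14 10:15,9999,FALSE
"""

def triage(report_text, account_col="Account"):
    """Return (failures, not_generated) from an exported report."""
    failures = defaultdict(list)  # account -> [(code, message), ...]
    not_generated = set()         # changed OK, but not to a PAM-random password
    for row in csv.DictReader(io.StringIO(report_text)):
        account = row[account_col].strip()
        # 2.8.3 labels the column "Chan"; 3.1.1 labels it "Changed".
        changed = (row.get("Chan") or row.get("Changed") or "").strip()
        generated = (row.get("Gen'd") or "").strip().upper()
        if changed.upper() != "TRUE":
            # Anything other than TRUE is an error code for a failed update.
            msg = ERROR_CODES.get(changed, "unknown code, check the product documentation")
            failures[account].append((changed, msg))
        elif generated == "FALSE":
            # Successful change to a manually entered or shared password.
            not_generated.add(account)
    return dict(failures), not_generated

if __name__ == "__main__":
    failed, manual = triage(SAMPLE_CSV)
    for account, events in sorted(failed.items()):
        codes = ", ".join(code for code, _ in events)
        print(f"{account}: {len(events)} failed update(s), codes {codes}")
    for account in sorted(manual):
        print(f"{account}: changed, but password was not randomly generated")
```

Accounts in the second set are worth reviewing because their current password was either typed by an admin or shared with other accounts in the same job, per the FALSE cases listed above.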