1. User cannot able to access target server from PVWA console.

Error:

Problem: User’s ID is locked in Active Directory.

Reason: User have logged in to a server and not logged off properly and some job or process is
still running with account and using your old password which leading to account locked.
Resolution:
1. Ask someone to login on those servers who have access and check if any active session still
running with [your account name] then need to kill it forcefully.
2. Check in case you have scheduled a task or script to run on those servers and those are using
your old password.
3. Clear Temporary Files.
4. Delete Cookies / Temp Files / History / Saved passwords / Forms from all the browsers.
5. Start --> Run --> Temp --> Delete all temp files.
6. Re-Mapp network Drives from the computer if any. My Computer --> Right click on Shared
drive --> note down the address and drive letter first (important) --> click on Disconnect --> then
remap again with recent password.
7. Clear old caches.
8. Any session already in an active condition, etc.
9. Login and logout properly in the servers.

2. User cannot able to access target server from PVWA console.

Error:
 Reason: The ID through which user is trying to connect, does not have permission to logon to
target machine.
Resolution: Active Directory Team should add the user’s ID to the respective server’s group in
AD.

3. User cannot able to access target server from PVWA console.

Error:

Reason: The ID through which user is trying to connect is disabled in Active Directory.
Resolution: Active Directory Team should user’s ID.

4. When the CyberArk environment is in the cluster mode, switching nodes from one to another
should take approximately 30 seconds.
Here, it is taking approximately 4 minutes (longer time).

Reason: Found that the Quorum disk was set to use round robin instead of the supported
failover only mode.
In the ClusterVaultConsole.log, we can see the logs of Quorum disk change times.
Resolution:
On all the Vault and DR nodes and change the MPIO setting for quorum disks to failover only
mode if they are not already.
MPIO id and Swapping Tests:
1. Once the MPIO policy for quorum is set properly, please stop the passive production node
from CVM
2. After the passive node is stopped, start it up again.
 3. Wait for the passive node to come back up
4. From the CVM on the active node, hit the middle arrows swap button to switch the
active/passive nodes.
5. Wait for the nodes to finish swapping.
6. Stop then start the now passive node using the CVM
7. Swap the nodes one last time to get them back to the state they were at the beginning.
8. At this point the nodes should be running as designed.

5. Disaster Recovery Replication issue.

Error:

Reason: The ReplicationUser.pass file on Primary Vault is missing, corrupted or out of sync with
DR server MasterReplicationUser.pass file.
Resolution: