WIN Rc

Error Reason Solution

1. Raised incident to windows
Local admin group team and informed them to
was not found in add reconcile account on local
WIN RC=5 OS group admin group.
(Access Denied) 2. If not generate new password
& update in both OS &
CyberArk also.

WIN RC = 1326 Unknown user 1. Assign an incident to windows

(Unknown user name or bad password) name or bad team for password reset.
password 2. Check user name and
password and check does
account still exist or not?
WIN RC = 2102 User is not found in 1. Assign an incident to windows
(the work station driver is not installed) the server end team for either conforming or
creation of user account.
2. Once confirm by the windows
team perform change task.
WIN RC =2245 Password does not 1. Verify the password and
The password does not meet the match password change password to compile
password policy requirements. Check policy with cyberark password policy.
the minimum password length,
password complexity and password
history requirements
WIN RC=121 Possible network 1. If error persist further
Timeout period has expired. error on the target configuration need to verified
from member server by AD
team
WIN RC = 64 Can be a DNS error 1. Name is not available – is
The specified network name is no or address there a server with the same
longer available incorrect name?-IP may duplicate,
please check
2.
3.
4.

ORA (Oracle Account)

Error Reason Solution

ORA-12545 User Does not Exist(account has 1. Drop mail to DB team to
not yet been created at OS end) create account at OS
end
 2. Update the password in
cyberark which is
provided by the DB
team.
ORA-28000 Account has been locked out at 1. Assign an incident to an
OS end Oracle DB team to reset
the password of
reconcile admin account
and unlock the account.
2. After resetting the
password update the
same in cyberark and
run change on that.

CACPM

Error Reason Solution

CACPM626E
(Account is disabled )
Automatic management for this
account was disabled by the
CPM
Account has been disabled at the 1. Check the CPM
OS end status(account is active
or deactivate)
2. Assign incident to
windows team to enable
the account.
3. Initiate password
rotation.
We were not able to add 1. Check the account
reconcile account option in the onboarding correction
windows account. 2. Delete the old file
category of the object
from safe end.

Unable to connect machine.
Check machine address and port
code:8000
The user name or password is
incorrect
Invalid prompt or did not
receive any prompt
Target server is not reachable to
from CPM
Mismatch of password in
cyberark and at OS end.
Prompt while changing password
is not same as cyberark prompt
3. Add new file category
with correct details from
safe end.
4. Once it is added perform
reconcile task on the
account.
1. The status of the server
is retired or
decommission then
check with the regional
windows team and
proceed accordingly
2. The server status is in
use then check the
password was last
successfully rotated
3. If the password rotated
ever by the CPM then
check with network
team and ask them why
the network connection
has been dropped
4. If the password is not
rotated from the time of
onboarding then check
the reachability on
specific port and rise a
firewall request.
1. Check whether the
server is work group or
member server
2. If it is work group verify
the password of the
account and if
verification is success
that means no error with
password.
3. If server is in domain
check whether the
reconcile account is
working or not and
perform reconciliation
on account else first
make the reconcile
account to work first.
1. Login to CPM server
check the log files to

CACPM626E: account desables 1. Automatic management
for this account was
disabled by the CPM
2. Reconciliation failed bcz
no reconcile account is
associated with the
account object.
CACPM072E: 1. Cannot connect to the
Login process on remote machine
machine failed
CACPM 243W This error when there is banner
Fail to read from third party log length error
file/
PSM
PSMSR606E Account configuration is not
(Error occurred while waiting correct. server unable to find
for dispatcher to communicate.) logon account
make sure that it is not
following the prompt
define at cyberark end
while changing the
password
1. First we have run the
reconcile task or change
task on account.
2. Again same error please
check with AD team and
please enable the
account.
1. Please check access for
respective account to
the machine in remote
connection-access rights.
1. Contact the concern
team and ask them to
check the banner
length .if any exits make
them to adjust the
banner length
2. Then try to rotate
password now.
3.
1. Logon to cyberark search
for respective account
which user is facing error
to login
2. Check logon domain or
logon to file category is
added for the account or

RDP connection is not 1. User system does not
established have RDP rights
2. No connectivity from
cyberak PSM server
3. Account used to access
the server does not have
rights to access the
server.
User could not open the session When installing PSM, the user
was not connected as domain
administrator so the
PSMInitSession remote app
program was not added to the
published remote app program
list
ITAT
Error Reason
ITATS004E Due to invalid password enter
(authentication Failure) too many times.
not. if not add the file
category .
3. Check with the user
once error will get
resolve
1. Open cyberark web page
and search for the
account.
2. Check account is
compliment or not.if it is
in fail state please check
the reason
3. Logon to cyberark PSM
and check reachability
i.e for windows port 445
and linux port 22must be
used.
4. Logon to cyberark PSM
and check reachability
i.e windows port 3389
and for linux port 22
must be used.
5. Check the support
accounts which you are
using have access to that
sever or not
6. Raise firewall request or
contact respective
person who can raise it.
1. Please check RDC
session host role config
Solution
1. Please drop a mail to
respect LDAP team.
1. Inform the user to clear
the browsing history and
 ITACM040S Check whether user is typing
(user was automatically logged right password or not
off by VAULT)
ITATS006E Due to invalid password entered
(station is suspended for user) too many times
OTHERS
Error Reason
Remote desktop cannot find the 1. Target server address is
computer ABC or XYZ wrong
2. Target server address is
not getting resolved by
DNS server.
cache files from his
browser.
2. Please drop a mail to
respective LDAP team to
reset the password.
1. PUAM team to check
account status and
enable account if
required reset will be
sent to LDAP team.
2. Log in to Privaterark
client tools-
administration tools-
users and group – search
the user – click on
trusted area network –
click on activate button.
Solution
1. Log in to cyberark search
the account through
which you are trying to
login to server.
2. Check and confirm the
address which you are
entering while
connecting to server.
3. Login to the CyberArk
CPM and run the telnet
to confirm the
reachability. If not
reachable proceed to
next step 4.
4. Do the NSLOOKUP and
check the DNS entries
available. If no entries
available search that
server in SILVA tool and
use the IP Address

Not able to copy the files from
CyberArk to Local drive attached
with Laptop or Computer
RDP Session is getting
disconnected immediately (500
Internal Server Error)
Network Error:
Connection Refused/Connection
Timeout
1. Configuration missing
2. Account does not have
rights to access Drives
1. Target server is not
accepting connection
request. Could be due to
high utilization of target
server.
This error mainly occurs, when
there is no port reachability from
cyberark PSM to target machine
instead of Hostname.
5. If Error persists while
using the IP Address,
Raise a firewall request
or contact the respective
person.
1. Login to CyberArk
webpage, search for the
account you are trying to
login.
2. Enter that you are
clicking on Map Local
drives option.
3. Click on Ok and try again
once, Error may get
resolved. If Error persists
proceed to steps 4.
4. Check and confirm that
the required permission
is in place to see the
drive and copy the files.
1. Login to cyberark
webpage , search for the
account you are trying to
login
2. Check the account is in
complaint state or not ,if
not please check the
error
3. Check the port
reachability from
cyberark CPM
4. Check the port
reachability from
cyberark PSM
5. If there is no reachabilty
from PSM as well raise a
fire wall request or
contact the respective
person.
1. Check the port
reachability from
cyberark PSM
2. If there is no reachabilty
from PSM as well raise a

Buffer length error
User account locked
RDP session is getting
disconnected immediately
Change password process
terminated
Account locked by user or CPM
User unable receive OTP after
enter credentials
Authentication failure for user
program will be closed
Cannot access the driver in the
target machine
When ever you are trying to
connect to the target server and
you don’t connect to the target
server.
The referenced account is
currently locked out and may not
be logged on to
Time while connecting target
Not released by user after
completion of their work locked
by CPM while changing the
account password
Due to in correct emailID
updated in users profile or 2FA
error
Due to invalid user name and
password incorrect.
It seems to be a user permission
error on the target. We don’t
fire wall request or
contact the respective
person.
1. Please check account
logon to update or not.
1. Please check with AD
team, whether user
account is locked or not.
2. If locked please request
for account unlock.
1. Please check the server
complaint or not and
server is non complaint
2. Please check the server
reachability with port
number(windows
445/linux 22) from CPM
or PSM server
3. In case port is not
reachable, please raise
firewall request or check
with network team.
1. Check the firewall rules-
possible DNS reason too
–check the port.
1. Go to account details
page in cyberark and
unlock the account so
that other user can use
the accounts
1. Guide the user to reach
out to AD/windows team
to make email address
correction in case of
emailed wrong, if else
check with 2FA team.
1. Check the user name
and password of account
and please do correct
the details.
1. Guide the user to ask
target admins to provide

The network path was not
found
Reconcile account is not set
The specific network name is no
longer available
manage permissions on the
target.
The error occurse when the
target server is not reachable on
specific port.
This error occurse when we run
reconcile task without
associating the reconcile account
This error occurs when DNS
entry cannot be resolved from
CPM sever
the permission to access
the drive.
1. We need the check port
reachability from the
respective CPM by the
command telnet .
ex: telnet XYZ port
number(for windows
445/linux 22)
2. We have to check for
ping (whether the server
is reachable or not)
3. Check the adreess
details and ticketing tool
status
4. If any of the above two
connectivity error exists
we need to raise the fire
wall request for the
networking team.
1. Associate the correct
reconcile account to the
account then run
reconcile task
2. Run only change on
logon and Reconcile
account , for root
account run
reconciliation
3. For the work group
accounts there is no
reconcile account.
Running reconcile task
may casue above error
so run change task for
work group servers.
1. Check whether the DNS
entries or getting
resolved or not using
command nslookup.
2. If DNS entries are not
resolved please ask
windows and network
team to check

Remote desktop cannot connect
This error may occur when there
is firewall or routing error
3. Then initiate password
rotation again
4. And also finally check
whether the service
called SERVER is running
or not.
1. Check the connectivity
(ping and telnet) from
the PSM server for the
server which you need
to connect
2. If connectivity reason
exists then raise a
firewall request and get
it resolved
3. There may be chances
for the same error if
there is nspaces in the
host name.to avoid
human error make sure
to enter without spaces
in address attribute.