What caused this situation?

After correctly configuring reconciliation parameters in the Prod-AIX-Root-Accounts Platform, this error message appears in the CPM log: CACPM410E Ending password policy Prod-AIX-Root-Accounts since the reconciliation task is active but the AllowedSafes parameter was not updated.

What caused this situation?
A . The reconciliation account defined in the Platform is in a locked state and is not accessible.
B . The CPM is currently configured to use to an unsigned engine.
C . The AllowedSafes parameter does not include the safe containing the reconciliation account defined in the Platform.
D . A second CPM is incorrectly configured to manage the reconciliation account’s safe which is causing a deadlock situation between the two CPMs.

View Answer

Answer: C

Explanation:

The error message "CACPM410E Ending password policy Prod-AIX-Root-Accounts since the reconciliation task is active but the AllowedSafes parameter was not updated" suggests an issue with configuration parameters.

The likely cause is:

The AllowedSafes parameter does not include the safe containing the reconciliation account defined in the Platform (Option C). This parameter must accurately reflect all safes where the reconciliation account operates to ensure proper management and access by the Central Policy Manager (CPM). If the safe containing the reconciliation account is not listed, the CPM cannot perform its tasks, leading to this error.

Reference: CyberArk’s error codes and troubleshooting guides detail how specific configuration mismatches, like an incomplete AllowedSafes parameter, can disrupt normal operations, especially in reconciliation processes.