Can't update the license because of PAM-CMN-5352

Document ID : KB000116289
Last Modified Date : 28/09/2018
Show Technical Document Details
Question:
I tried to apply new license to the PAM instance, the following error occurred. Why?

PAM-CMN-5352 = The license was not updated. There was a failure deleting the Azure device. See the audit log for more details. 

Here is the steps I did.

1. Applied the license that the expired date is the Sep/2 before. Also, the license was included the "Azure Capability: Disabled", not enabled. 
2. Took the database backup and config backup. 

After that, I got the problem that no user cannot login the PAM because of the "CA PAM Server is starting up. Please try again later." even if he waited for a long time. 

3. Now, I exchanged the OS disk of Azure to return the situation that the PAM just completed to deploy. (Returned to the PAM initial state) 
4. Applied new license the expired date is Oct/2. 
5. Restored the database backup, after that, the PAM instance was rebooted automatically. 
6. Restored the config backup, after that, the PAM instance was rebooted automatically. 
7. The message that the license is expiring shows up. It seems to return to the license that the expired date is Sep/2 by the restoring backup. 

 PAM-CMN-1187 = CA PAM license has expired and access services are now disabled. Please contact your CA Account Representative. 

8. I tried to apply the license that the expired date is Oct/2, but the following error appears and can't apply the license. 

 PAM-CMN-5352 = The license was not updated. There was a failure deleting the Azure device. See the audit log for more details. 

9. I rebooted the PAM instance and tried to apply the license, but the PAM-CMN-5352 still occurs. 
Environment:
CA Privileged Access Manager r3.2 or higher.
Answer:
Here is the reason and the scenario.

1. Applied the license that has the "Azure Capability : Enabled" to the environment. 
2. Restored the database backup. Then, the "Azure Capability : Enable" license existed then. Also, Azure devise was generated at this timing. 
3. Restored the config backup. Then, the "Azure Capability : Disabled". (The old environment's license did not have the "Azure Capability" license. 
4. At this time, although there is not the "Azure Capability" license, the Azure device existed there. 
5. It is not the mismatch the compatibility. So, the problem occurred.