When attempting to install new PAM license keys the following errors may be observed:
1. Error: PAM-CMN-1279: The license was not updated. CA threat analytics feature not removed. Please check the logs to find the problem and reapply the license.
2. PAM-CMN-1744: Failed to delete target account for API key CATapApiUser
3. Error: Error occurred while accessing the database. See the CA PAM logs for details.
4. Error: PAM-CMN-1219: The license was not updated. There was an error provisioning the AWS device. See the audit log for more details.
1) Connect to the primary node and turn off the cluster if enabled under Configuration > Clustering
2) Optionally, power down the appliances and take a snapshot if virtual to mitigate any risk
3) Select Configuration > Database > Save Database and Configuration
4) Select Configuration > Clustering > Unlock Me if locked
5) Select Configuration > Database > Reset
6) Log in as super/super and update the required fields
7) Install the new license
8) From Configuration > Database restore the saved database from step 3
9) Log in using the super credentials prior to the reset and verify the updated license reflects correctly
10) Repeat steps 3-7 for any additional appliances
11) Log into the primary and turn the cluster on
More detail for PAM-CMN-1219
If you were issued a license during PAM 2.x.x with AWS features disabled and then upgrade to 3.x.x and apply a newly issued license, you will get this error as well.
Because 3.x.x license has AWS support feature enabled by default and the DB is lacking certain tables which need to be recreated, thus reset the DB.
After performing the above steps, applying the new license will not throw PAM-CMN-1219 error.