When runing Account Discovery (CyberArk PAS v9.6) the process can't PING some machines so the machines aren't added to the pending accounts feed, PING is blcoked from CPM to the target machines.


The Account Discovery process based on CyberArk DNA engine and CyberArk DNA  by default ping the machines before adding them to the report and if the machines aren't answer to ping they will not be added to the report - in our case the Account Discovery process will not add the machines to the Pending Accounts page if ping is disabled.

In order to solve the issue, please see the following procedure:

  1. Connect to the CPM machine
  2. Open the scanner config file:C:\Program Files (x86)\CyberArk\Password Manager\Scanner\CACPMScanner.exe.config
  3. Add the following value under the "<!-- DNA configuration  -->" section: <add key="PingMachineBeforeScan" value="False" /> 
  4. Restart the "CyberArk Central Policy Manager Scanner" service.
  5. Run new Account Discovery process from the PVWA.

Applies to: CyberArk PAS v9.6.