PAM-CMN-3333: Current session recording file is broken or refers to other CA PAM.
Article ID: 116697
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
Many of SSH Session Recordings from 2.8.x are not playable since upgrading to PAM 3.x.x
When playing the SSH recording, PAM displays following error.
PAM-CMN-3333: Current session recording file X is broken or refers to other CA PAM.
When playing the SSH recording, PAM displays following error.
PAM-CMN-3333: Current session recording file X is broken or refers to other CA PAM.
Environment
PAM 3.2.1
PAM 3.2.2
PAM 3.2.2
Cause
The older PAM versions recorded SSH session and stored it in a different format.
It is in text format but in the very first line of the txt file there is a shorter hyphens(16 instead of 36) causing this error PAM-CMN-3333 when playing from newer version of PAM.
For example:
CANNOT PLAY:
----------------
CAN PLAY:
------------------------------------
If the *.txt file contains binary content, it should be played without problem.
This only applies to SSH recordings that are stored in text format and lacking the correct number of hyphens.
It is in text format but in the very first line of the txt file there is a shorter hyphens(16 instead of 36) causing this error PAM-CMN-3333 when playing from newer version of PAM.
For example:
CANNOT PLAY:
----------------
CAN PLAY:
------------------------------------
If the *.txt file contains binary content, it should be played without problem.
This only applies to SSH recordings that are stored in text format and lacking the correct number of hyphens.
Resolution
You can manually modify this txt file to change "----------------" to "------------------------------------"
Then run sha1sum "txt filename" to get a new hash value.
Then update the "txt filename".inf file to update to the new hash value
file_hash = xxxyyyzzz.....
Once the *.txt file and *.txt.inf files are updated as above, you can immediately play them from the new version of PAM servers.
If your session recording is hosted on a linux machine, you can create a script as below to update all the files that do not have 36 hyphens and also update the hash value.
Note that "/opt/rpath" refers to your physical path on the session recording host machine.
If your physical path for session recording is "/apps/nfsshare" then it need to be changed accordingly.
Then you can run this script on the NFS share machine and it would:
1. List out the *.txt files that do not have 36 hyphens in the first line.
2. Replace the *.txt files to have 36 hyphens.
3. Generate a SHA1 hash of the updated *.txt file and update the *.txt.inf file accordingly.
!!! IMPORTANT !!!
Please backup your session recording files before performing this operation to ensure you can revert the changes if it does not fix the problem!
Then run sha1sum "txt filename" to get a new hash value.
Then update the "txt filename".inf file to update to the new hash value
file_hash = xxxyyyzzz.....
Once the *.txt file and *.txt.inf files are updated as above, you can immediately play them from the new version of PAM servers.
If your session recording is hosted on a linux machine, you can create a script as below to update all the files that do not have 36 hyphens and also update the hash value.
Note that "/opt/rpath" refers to your physical path on the session recording host machine.
If your physical path for session recording is "/apps/nfsshare" then it need to be changed accordingly.
Then you can run this script on the NFS share machine and it would:
1. List out the *.txt files that do not have 36 hyphens in the first line.
2. Replace the *.txt files to have 36 hyphens.
3. Generate a SHA1 hash of the updated *.txt file and update the *.txt.inf file accordingly.
!!! IMPORTANT !!!
Please backup your session recording files before performing this operation to ensure you can revert the changes if it does not fix the problem!
Attachments
Feedback
Yes
No
Powered by
