Issue with connecting to Target Server

book

Article ID: 128544

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

There is target Server which we have on-boarded as Linux Device. Created a Target application type Generic / UNIX. Target Account is added. The policy for the target has device name and user account that exists on the target device.

While trying establishing the session it opens up the SSH window  (MindTerm) shows connection details and before logging in it just vanishes. However, all the Linux servers hosted on the same vCenter server as normal Linux server are connected over SSH using automatic login.

The following error message is received by the user trying to access the target device.

Cause

The cause for this error message is password mismatch in CA PAM and the target host.
Either the password associated with the target account was modified after it was stored in CA PAM or, a wrong password was saved against the target account.

Environment

CA PAM 3.x.x release.
This article is applicable to target accounts that are not synchronized in CA PAM and have a chance of their password being manipulated on the target device.
Also, this would be mostly in case of on-boarding new devices.

Resolution


- Make sure that the target device is reachable
- Conduct the "ping" and "port" check from CA PAM
- Verify if the target device is accessible directly, without CA PAM using the same account and password as defined in CA PAM
- If any other account is available on the target device, define the same in CA PAM and double check the login is successful or not.
- Define "Putty" as a TCP/UDP service and assign the same the problem target device, follow it with the complete process for login by adding the target account in the access policy as well.
- Access the problem target device using the Putty service, this is when the error pop-up is displayed on screen.
- If the login using another account is successful verify the password for the problem account stored in CA PAM with the last know good password for the account for the target device
- Match the password for the target account to be same on the target device as well as in CA PAM.
- The automatic login should work properly now.
 

Attachments

1558689192324000128544_sktwi1f5rjvs16fuh.png get_app