Users connect to web apps via PAM, and once connected to a web app device then PAM will refuse to launch additional connections, including SSH and RDP, to devices without hitting the "restart session" button.
Hitting the "restart session" button then brings up the next queue'd device that a user has tried to launch.
A user can stack several instances of these connections and each time they hit "restart session", PAM brings up the next one in the queue.
Issue occurs when a service is defined as a Web Portal, using the CA-PAM Browser as the Browser Type:, and Route Through CA PAM: unchecked.
Will be fixed in 3.2.5 and 3.3
Work around for older releases: Check the 'Route Through CA PAM' checkbox in Web Portal services that use the PAM Browser.