Java Plugin is required on the browser to load the Java Applets and this is a prerequisite.
1) Is Java Runtime installed on the client machine connecting to PAM server.
If the Java Runtime is installed and if you are still encountering the same issue then it is possible the Java Runtime is not recognized by the Browser.
One reason could be if the bitness do not match. For example, if you have 64bit Browser and have 32bit Java installed, the Browser may not load the 32bit Java Plugin.
2) Is Java Plugin Enabled(Allowed) in the browser?
You can check if the Java Plugin is enabled by accessing this link. https://www.java.com/en/download/installed.jsp
You may need to contact your IT department if the Java Plugin is enabled but does not can check if Java is enabled by going to the Verify Java Version page." To resolve this, One should approach their Administrator and ask them to enable the Java for IE Browser because due to GPO policies and restrictions at their Machine level.
3) Java Security Level
Due to the changes in the security enforcement in Java itself, it is common to find certain sites need to be added in the exception list.
Add PAM Server URL to the exception list.
After Enabling Java, Access Page is loaded and able to see all the configured Devices but when you click on any Device to access or to launch, sometimes, you see the error,
"Error: PAM-UI-1202 : Error getting Access Credentials: LiveConnect call for Applet ID(any value) is not allowed in this JVM instance."
To avoid this above error, follow the below steps i.e.,
- In Internet Explorer, select Tools > Internet Options and in the dialog that opens, select Security. Select Internet and select Custom Level.
- Scroll to the option called Display mixed content and change it from Prompt to Enable. Click OK and confirm that you want to change this setting
- Add IP or host name in the exception list of control panel->java->security
- Login to the CA PAM, Go the configuration, In the Configuration > Security > Certificates > In Sign Applets Tab, resign the applets with the correct PAM Domain and sign applets.
If all above have been checked but still unable to load the Applet then you may need to contact your IT department for assistance.
At times it is the GPO that restricts certain set of machines from launching applications.
Whether a Java Applet can run on the client machine or not is dependent on the client machine settings.
In case if the PAM Server's Java Applet is causing problem and refusing to load, customer can collect Java Console logs and submit for review.