PAM 3.3.0 session recording on primary down
search cancel

PAM 3.3.0 session recording on primary down

book

Article ID: 135118

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

PAM 3.3

Customer is testing 3.3 behaviors.

They tested primary server down on 2 servers Multi Master Cluster.


Primary:WORK-PAM01 /192.168.x.1

Secondary:WORK-PAM02 / 192.168.x.2

VIP:192.168.x.10


procedure:

On primary, execute Stop Instance with Cluster Warning checked.

On secondary, confirm primary down in cluster status

execute auto login access to target device with session recording


Then, following happens:

The connection to applet is very slow and is terminated forcibly with the message:

-----

PAM-CLNT-0007: Session disconnected due to a problem with session recording

-----

And no session recording is obtained


The status of external storage is normal and no log appears

The session recording is working before stopping Primary. 

The applet can be accessed normally after changing access policy for session recording to operation safe.


Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

In 3.3, when we introduced the new cluster framework, we just needed to update it onto one node then MySQL would automatically update it onto other nodes, however when we chose which one we should update onto, we always chose the first member... So that would be an issue when the first member is down.

This problem will be solved by next release.


Powered by Wolken Software