[PAM] RDP Application sessions swapping on PAM 3.4.0

book

Article ID: 196221

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

[Use Case]

Terminal Services License applied and hosting RDP Applications.

A Windows User Account is used by multiple Administrators and can open multiple sessions.

It was found that multiple RDP sessions are left in (disconnected) state when using PAM 3.4.0 and when next PAM user launches the RDP App with the same Windows account then is presented a list of the disconnected sessions to choose.

Or, if only 1 RDP session was in disconnected state then that session will be resumed by this user hence the session swap.

 

 

Policy

    - Administratative Templates

        - Windows Components

            - Remote Desktop Services

               - Remote Desktop Session Host

                   - Licensing

                     * Use the specified Remote Desktop license servers : Enabled (you need to specify which license server)

                     * Set the Remote Desktop licensing mode: Enabled (Per User)

 

Policy

    - Administratative Templates

        - Windows Components

            - Remote Desktop Services

               - Remote Desktop Session Host

                   - Connections

                     * Restrict Remote Desktop Services users to a single Remote Desktop Services session: Disabled

 

Cause

If RDP App is hosted without the "Remote Desktop licensing mode" enabled then it is normal to see list of disconnected sessions to choose when you RDP using same windows account.

With "Remote Desktop licensing mode" enabled and license applied, the RDP session will close when you are disconnected from the RDP session.

 

Problem was the Transparent Login Agent was not closing the RDP session and leaving it as (Disconnected) state which allows resume.

This allowed other PAM users using the same Windows Account to resume these disconnected RDP sessions.

 

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Hotfix 3.4.0.08 addresses this issue so the RDP sessions are closed.

 

Attachments