How to make RDP through CA PAM work with CredSSP


Article ID: 199786


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

CA PAM 3.4 has been deployed, but testing highlighted that CredSSP, as specified in:

https://support.microsoft.com/ca-es/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

is not supported, as indicated in 

However, CredSSP is a required feature of the environment to be deployed, especially with respect to RDP to Windows 2019 servers.

Is there any way to have both features work in PAM while waiting for support for both in the RDP applet that ships with the product?

Environment

PRIVILEGED ACCESS MANAGEMENT, version 3.4.X

Resolution

The solution is to use an RDP Proxy service launched directly from the client or from the CA Agent to connect to the remote machine configured with CredSSP.

The main difference between this scenario and the "native" CA PAM RDP connection is that, with the RDP Proxy or the CA Agent, no CA PAM applet is launched. The appliance provides tunneling for the connection between the local computer and the remote machine, so the CA PAM RDP applet no longer needs to support these features.