CA PAM Client and Java in high utilization hangs the access page.

book

Article ID: 211880

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Client found that the CA PAM Client was no longer functional after a CA PAM version upgrade. The main CA PAM service was functional for some but not for all. The end-users experiencing this issue saw high utilization with the PAM client as well as trying with  IE11 (Java also reported high utilization).

 

It was noted that in all cases where high cpu utilization there was found a bind error that was displayed when CA PAM loaded

 

 

 

Cause

This bind error directly leads to high cpu utilization which then caused a lack of functionality.

 

Environment

Release : 3.x

Component : CA PAM Client

Resolution

This error is being deemed a bug and will be addressed in future releases but a workaround is listed here to bypass this.

In an earlier release of CA PAM the ability to generalize the local ports in our TCP/UDP configuration to ensure only unused ports would be utilized when the service is loaded. This will allow for locally used ports on the system would not impact the CA PAM client.

You would need to go through each TCP/UDP session that matches the IP and port showing the error and modify the port value to add a :*  this value will allow each of the services bound to a specific port to use a generic port.

 

Add a :*

Attachments