PAM-CM-1122: Proxy unable to access host error from Windows Proxy Agent
search cancel

PAM-CM-1122: Proxy unable to access host error from Windows Proxy Agent

book

Article ID: 217077

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

 

PAM Admin has onboarded numerous new Windows boxes (Win212, Win2016 and Win2019) to be managed by a remote PAM Proxy Agent.

For every local account, he can validate the password, however every time they try to rotate a password they get the following error:

PAM-CM-1122: Proxy unable to access host. 

 

Environment

Release : 4.1.X

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

User Access Control settings on the target device did not allow the Windows API calls from the Windows Proxy host to succeed.

Resolution

Just like the Windows Remote Connector, see documentation page Add a Windows Remote Target Connector,

the following registry setting needs to be in place on the remote target servers so remote SMB executions are not blocked:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy = dword:00000001

 

Also, local security policy "User Access Control: Run All Administrators in Admin Approval Mode" may need to be disabled.