Windows Proxy checkNewPatchExists errors

book

Article ID: 220782

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are running some of our Windows Proxy servers with log level FINE to be able to catch detailed information when there are problems with password verifications or rotations. We recently got an alert about a Proxy not being available. It turned out not to be a problem with the Proxy itself, but on log review we noticed errors like the following getting written about once a day:

INFO: Thu July 29 02:35:49.956 EDT 2021 ProcessPatch::checkNewPatchExists. Invalid patch version or URL from CSPM Server. Status code: 401. New version: null

A status code of 401 suggests that there are communication problems between the Proxy and the PAM Server. Is this something to be concerned about?

Cause

The Windows Proxy agent has a long history going back to products other than PAM. It supports a patching mechanism that is not implemented in PAM, but was left in place for possible future use.

Environment

Affects all supported PAM releases as of July 2021

Resolution

These messages can be ignored. PAM does not support dynamic patching of Windows Proxy agents at this time. The messages are logged at level Info to indicate that they should not be regarded a problem.