We are running some of our Windows Proxy servers with log level FINE to be able to catch detailed information when there are problems with password verifications or rotations. We recently got an alert about a Proxy not being available. It turned out not to be a problem with the Proxy itself, but on log review we noticed errors like the following getting written about once a day:
INFO: Thu July 29 02:35:49.956 EDT 2021 ProcessPatch::checkNewPatchExists. Invalid patch version or URL from CSPM Server. Status code: 401. New version: null
A status code of 401 suggests that there are communication problems between the Proxy and the PAM Server. Is this something to be concerned about?
The Windows Proxy agent has a long history going back to products other than PAM. It supports a patching mechanism that is not implemented in PAM, but was left in place for possible future use.
Affects all supported PAM releases as of July 2021
These messages can be ignored. PAM does not support dynamic patching of Windows Proxy agents at this time. The messages are logged at level Info to indicate that they should not be regarded a problem.