Only two connections are allowed to a Windows server from CA PAM

book

Article ID: 225297

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A remote RDP server has been properly configured with Terminal Server licenses to allow multiple connections to it. This has been verified by connecting to it from outside CA PAM and also by verifying the Terminal Server Licensing configuration.

However only two simultaneous connections are allowed from CA PAM. If a third one is initiated, a message pops up indicating to select a user to disconnect so as to be able to sign in.

Cause

If Terminal Services Licensing is correctly configured, a likely cause for this behaviour is that the RDP device has been configured in CA PAM with the Console checkbox enabled in the Access Method configuration for the device

Checking this box in is equivalent to trying to initiate an RDP connection to the remote server using the /console or /admin switch. Under these circumstances, the administrative ports will be used, allowing only for two admin connections, even if the Licensing applications are working correctly.

Environment

CA PAM multiple versions

Resolution

Unless there is a business reason for it, the "console" checkbox can be left unchecked, which will allow multiple connections to target Windows servers. 

Attachments