After have upgraded PAM QAT environment to release 4.0.1, the PAM Proxy was successfully installed but the Proxy service is not working properly, the service starts running but its stops after 15 seconds. It is not a service account logon issue as it does verify the account against PAM client.

If needed we can join in a call to show you the failure scenario, so you can provide us with your inputs.

Release : 3.4, 4.0

Component : PRIVILEGED ACCESS MANAGEMENT

In this case there was an issue resolving the FQDN of the cluster node configured in the proxy xml file but this could also occur if a firewall rule is preventing access over port 443

Client may have a DNS issue or a firewall blocking one of the primary cluster nodes

There are 2 ways you can configure the PAM Proxy in a clustered environment.

In the cspm_client_config.xml

1. In most cases you can use the primary clusters VIP (FQDN or IP).

                <cspmserver>x.x.x.x</cspmserver>

2. Otherwise you can configure the nodes individually

                  <cspmserver> node1 </cspmserver>

                  <cspmserver_port> </cspmserver_port>

                  <cspmserver> node2 </cspmserver>

                  <cspmserver_port> </cspmserver_port>

                   <cspmserver> node3 </cspmserver>

                   <cspmserver_port> </cspmserver_port>

Either configuration method should result in the same performance (since the individual requests for an action will be generated from the appliance node trying to perform an action). The only time where using the second method might be beneficial is if the cluster service needed to be taken offline and run independently for that period of time. Since this is not a normal use case we would normally suggest to use the Primary Cluster VIP.