CA PAMSC: pmdb policy propagation fails

Article ID: 236459

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Rule propagation from a RHEL pmdb server to a Windows subscriber fails if fips_only=1.
 
The following error is recorded:
# sepmd -e pmdb
   ERROR: Connection failed (10071)
   Handshake failed (172063)
 
The same error appears when trying to connect to the Windows subscriber:
PAMSC> host windows-subscriber
ERROR: Connection failed
Handshake failed

Environment

Release : 14.1
Component : PAM SERVER CONTROL ENDPOINT

Cause

The connection from RHEL to Windows fails if fips_only=1.
This also happens when communication_mode=ssl_only and tls12_only=1.

Resolution

This is fixed under DE525584, and a testfix for CP4 is provided for both Linux and Windows.
 
Linux:
acpatch-DE525584-14.10.40.45-_LINUX_X64.zip
 
Windows: 
acpatch-DE525584-14.10.40.37-_WIN_X64.zip

Additional Information

There is also a testfix for Windows CP3:
acpatch-DE525584-14.10.20.81-_WIN_X64.zip
 
The Linux testfix for CP4 can also be applied to 14.1 before CP4, but in that case it has to be applied manually (uxpatcher cannot be used).
 
Please contact Broadcom Support for the testfix.