Symantec PAMSC: pmdb policy propagation fails

Article ID: 236459

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Rule propagation from a pmdb on a RHEL server to a Windows subscriber fails if fips_only=1.
 
The following error is recorded:
# sepmd -e pmdb
   ERROR: Connection failed (10071)
   Handshake failed (172063)
 
The same error appears when trying to connect to the Windows subscriber:
PAMSC> host windows-subscriber
ERROR: Connection failed
Handshake failed

Environment

Release : 14.1
Component : PAM SERVER CONTROL ENDPOINT

Cause

The connection from RHEL to Windows fails if fips_only=1.
This also happens when communication_mode=ssl_only and tls12_only=1.

Resolution

This is fixed under DE525584, and a test fix for CP4 is provided for both Linux and Windows.
 
Linux:
acpatch-DE525584-14.10.40.45-_LINUX_X64.zip
 
Windows: 
acpatch-DE525584-14.10.40.37-_WIN_X64.zip

Additional Information

The test fixes are included in PAMSC 14.1 CP05.
We therefore strongly suggest upgrading to PAMSC 14.1 CP05 rather than applying the test fix on both sides for all platforms.