search cancel

Registration of a Windows Proxy with new hostname and IP not showing up in CA PAM

book

Article ID: 252762

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

After changing the name and IP address of a Windows Proxy server, the Proxy is not showing up with the new name and IP. Instead the old values are still in PAM and the Proxy cannot be used 

Environment

CA PAM all active releases

Cause

When a Windows Proxy is registered for the first time in CA PAM, the product adds machine name, host IP and device name to the CA PAM tables, plus a unique fingerprint for that machine. In this way every proxy is defined univoquely by its fingerprint.

When a Windows Proxy starts, it sends a registration request to PAM which includes its name, ip address and fingerprint. CA PAM verifies whether a machine with the same fingerprint as is being sent from the Windows Proxy already exists in its database. If it does, it does not modify the existing entry. This, for instance, if a machine is registered first as mymachine.broadcom.com, and IP 10.20.30.40, and it is subsequently moved and renamed to machine name test.broadcom.com and IP 100.200.300.400, when the Windows Proxy starts it will send a registration request for machine test.broadcom.com and IP 100.200.300.400, but since its fingerprint already exists in the database (as machine had been previously registered as mymachine.broadcom.com and IP 10.20.30.40), the old entry will not be modified. 

Resolution

Before changing the ip address and/or name of a Windows Proxy, please make sure to delete the old entry from CA PAM so that it registers itself with the right parameters next time you start it. Also, if building a Windows Proxy in a subnet different from the one it will finally be running in, make sure to start it once you have moved it to the final subnet, so that it picks up the address and name correctly