Users were disconnected from the PAM client when a customer ran a penetration test on a production node. The error "Failed to retrieve launch data from the server." was displayed to the users. This article discusses a possible cause of this issue.
Release: All supported PAM releases.
PAM is in an ambiguous state because the refresh of the Password View Requests failed.
1. PAM has a background janitor process that cleans up Password View Requests that have timed out. Essentially, this janitor process expires/deletes Password View Requests whose time has expired.
2. When this cleanup process is undertaken, PAM sends notifications that sessions are going to be expired to all “Logged In Users” (those who were found using Password View Requests to view the passwords). To perform this cleanup operation, PAM needs some information about the “Logged In Users” and their Password View Request status.
2a. Firstly, PAM acquires locks on Password View Requests to gather this user information.
2b. Secondly, all “Logged In Users” are refreshed with the new Password View Request.
3. Failure to accomplish this refresh activity is the root cause. To resolve this issue, the PAM Admin will need to delete all approved and active Password View Requests.