search cancel

Users disconnected from PAM and error "Failed to retrieve launch data from the server." is shown

book

Article ID: 254839

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Users were disconnected from PAM  client when customer ran a penetration test on  a production node.  Error "Failed to retrieve launch data from the server." was displayed to the users. This article discusses possible cause of this issue.

Environment

Release : All supported PAM releases.

Cause

PAM is in ambiguous state as refresh of the Password View Requests failed

Resolution

1. PAM has a background process that is like a janitor process that cleans up the Password View Requests that need to be removed as those Password View Requests have timed out.  Essentially, this janitor process Expires/Delete Password View Requests whose time has expired. 

2. When this cleanup process in undertaken PAM sends notifications that sessions are going to be expired to all “Logged In Users”(who were found using Password View Requests to view the passwords). To perform this clean up operation, PAM needs some information about the “Logged In Users” and their Passwords View Request status.

     2a. Firstly, PAM acquires locks on Password View Requests to gather this user information.

     2b.  Secondly, all “Logged In Users” are refreshed with the new Password View Request.

3. Failure to accomplish this refresh activity is the root cause.  To resolve this issue the PAM Admin will need to delete all approved and active Password View Requests.

Additional Information

None.