We moved some Windows hosts with the A2A client installed to a new data center. The clients still work as expected to retrieve credentials, however we attempted to update a script hash today and it was unsuccessful.
The client shows active when going to Credentials --> Manage A2A --> Clients, however after attempting to update the hash the status switches to yellow. Using the "Check Connection Status" button doesn't help, and will actually change an active client to yellow the same as checking for a script hash. Attempting to get the client logs fails as well. You can still use the client to retrieve credentials, but the only way to get the status back to green is to restart the service on the host.
The client has the old IP address listed in PAM, which makes me wonder if the outbound requests from PAM such as getting a new script hash or checking the connection status are using that IP and failing. Is there a way to force an update of that IP address?
Release : 4.0
Use the following workaround to force an IP update of the A2A client entry. This assumes that devices are configured with an FQDN, or possibly a shortname, as address, rather than with an IP.
1) Edit the device from the Devices > Manage Devices pages, change the device address to the new IP and save it.
2) Unless you want to keep the new IP as address, edit the device again and set the address back to the FQDN.
3) Go to the Credentials > Manage A2A > Clients page and verify that this A2A client entry now shows the new IP in the IP Address column.
We would not expect to see this problem, if the device was configured with the new IP as device address already. If you did find such a case, the reverse sequence (change address to FQDN, and then change back to IP) should make sure that the IP address of the A2A client entry on the Credentials > Manage A2A > Clients page changes to the new IP.