PAM-CM-1341 Error For Linux Accounts in 4.1.2

Article ID: 267833

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When trying to verify a Unix target account on PAM 4.1.2, the following error appears in the GUI.

PAM-CM-1341: Failed to establish a communications channel to the remote host.

Environment

Privileged Access Manager, version 4.1.2

Cause

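This issue occurs after PAM has been upgraded to 4.1.2, because the upgrade leaves multiple versions of the jar files in place. The JVM then refuses to load a Bouncy Castle class whose signer information does not match that of other classes in the same package, so the SSH connection to the target fails. To confirm the issue, look for the following error in the Tomcat logs.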

2023-06-12T13:47:04.500+0000 WARNING [TP3] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke **** ACCOUNT VERIFICATION FAILED: targetAccount ID: 8675309' due to 'Error Code: 15212
Error Details: null
Error Message: PAM-CM-1341: Failed to establish a communications channel to the remote host.
Exception: com.cloakware.cspm.server.plugin.NetConnectorException: PAM-CM-1341: Failed to establish a communications channel to the remote host.
Stack Trace: com.cloakware.cspm.server.plugin.NetConnectorException: PAM-CM-1341: Failed to establish a communications channel to the remote host.
                at com.cloakware.cspm.server.plugin.SSHConnector.connect(SSHConnector.java:306)
                .....
Caused by: com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidKeyException: java.lang.SecurityException: class "org.bouncycastle.crypto.general.EdEC$EdDSAOperatorFactory"'s signer information does not match signer information of other classes in the same package
                at com.jcraft.jsch.Session.connect(Session.java:579)
                .....
Caused by: java.security.InvalidKeyException: java.lang.SecurityException: class "org.bouncycastle.crypto.general.EdEC$EdDSAOperatorFactory"'s signer information does not match signer information of other classes in the same package
                at com.jcraft.jsch.bc.SignatureEdDSA.setPubKey(SignatureEdDSA.java:94)
                .....
Caused by: java.lang.SecurityException: class "org.bouncycastle.crypto.general.EdEC$EdDSAOperatorFactory"'s signer information does not match signer information of other classes in the same package
                at java.lang.ClassLoader.checkCerts(ClassLoader.java:891)
                .....
Is success: false
Warning Message: null
Result Details: null
'
2023-06-12T13:47:04.513+0000 WARNING [TP3] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke VerifyAccountPasswordCmd.invoke, end: result=false, accounts=1, duration=306.84396ms
2023-06-12T13:47:04.514+0000 SEVERE [TP3] com.ca.pam.rest.PAUtil.generateExceptionFromAppCtx PAM-CM-1341: Failed to establish a communications channel to the remote host.
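
PAM-CM-1341 is a generic connection failure, so the signer mismatch in the "Caused by" chain is what ties a given failure to this upgrade issue. The following is an added example, not Broadcom code: a Python sketch that groups each log entry with its continuation lines and flags which PAM-CM-1341 verification failures carry the signer mismatch. It assumes the Tomcat log has been exported as text in the format shown above; the second sample entry (account 1001, connection refused) is constructed for contrast.

```python
import re

# Entry header as in the excerpt above: ISO timestamp, level, [thread].
ENTRY_START = re.compile(r"^(\d{4}-\d{2}-\d{2}T[\d:.]+[+-]\d{4}) (\w+) \[([^\]]+)\] ")
ACCOUNT_ID = re.compile(r"targetAccount ID: (\d+)")
SIGNER = re.compile(r"""SecurityException: class "([^"]+)"'s signer information does not match""")

def split_entries(lines):
    """Attach continuation lines (stack trace, 'Caused by') to the entry that started them."""
    entry = None
    for line in lines:
        if ENTRY_START.match(line):
            if entry:
                yield entry
            entry = [line]
        elif entry is not None:
            entry.append(line)
    if entry:
        yield entry

def classify(lines):
    """One finding per failed account verification that reports PAM-CM-1341."""
    findings = []
    for entry in split_entries(lines):
        text = "\n".join(entry)
        if "ACCOUNT VERIFICATION FAILED" not in text or "PAM-CM-1341" not in text:
            continue
        account, signer = ACCOUNT_ID.search(text), SIGNER.search(text)
        findings.append({
            "timestamp": ENTRY_START.match(entry[0]).group(1),
            "account_id": account.group(1) if account else None,
            "signer_mismatch": signer is not None,  # True: the jar conflict described here
            "class": signer.group(1) if signer else None,
        })
    return findings

# Sample input: first entry abridged from the excerpt above, second entry constructed.
SAMPLE = """\
2023-06-12T13:47:04.500+0000 WARNING [TP3] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke **** ACCOUNT VERIFICATION FAILED: targetAccount ID: 8675309' due to 'Error Code: 15212
Error Message: PAM-CM-1341: Failed to establish a communications channel to the remote host.
Caused by: java.lang.SecurityException: class "org.bouncycastle.crypto.general.EdEC$EdDSAOperatorFactory"'s signer information does not match signer information of other classes in the same package
2023-06-12T13:47:04.514+0000 SEVERE [TP3] com.ca.pam.rest.PAUtil.generateExceptionFromAppCtx PAM-CM-1341: Failed to establish a communications channel to the remote host.
2023-06-12T13:52:10.101+0000 WARNING [TP4] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke **** ACCOUNT VERIFICATION FAILED: targetAccount ID: 1001'
Error Message: PAM-CM-1341: Failed to establish a communications channel to the remote host.
Caused by: com.jcraft.jsch.JSchException: java.net.ConnectException: Connection refused
""".splitlines()

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

Entries with `signer_mismatch` set to false report the same PAM-CM-1341 code for a different reason and are not explained by the leftover jar files.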

Resolution

The issue was fixed in 4.1.3 as DE564126 and DE564764, per the documentation below. If an upgrade to 4.1.3 is not possible at this time, open a case for Broadcom Support to SSH into the appliances and perform a manual cleanup of these files.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-3/release-information/Resolved-Issues-in-4-1-3.html