Error messages: too many files opened when tunnelling from Symantec Secure Cloud Gateway to PAM
search cancel

Error messages: too many files opened when tunnelling from Symantec Secure Cloud Gateway to PAM

book

Article ID: 274015

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When integrating PAM with Symantec Secure Access Cloud, the end user gets the following error message when making the connection via their SAC Connector:

accept:  too many open files

 

 

Environment

Release : 4.1.x

Resolution

Ultimately the customer is using:

Symantec Secure Cloud Gateway -> that makes a network connection to Symantec PAM -> via their "SAC Connector"  -> so ultimately they are proxying via SSH on port 433 to PAM on Port 433.  

Now PAM is a black box and they are not SSH'ing into our Appliance or any server that is managed by PAM -> therefore the only place SSH is involved and the concept of "open file descriptors" is on the SAC Connector.

The SAC Connector is an actual docker container and looking at a sample of their container:

test-Connector-1:
    image: luminate/connector:2.10.5
    container_name: test-Connector-1
    restart: on-failure
    ulimits:
        nofile: 2048
    log_opt:
        max-size: "50m"
        max-file: "10"
    environment:
     - ENDPOINT_URL<=XXXXX.com>
     - TENANT_IDENTIFIER=XXXXX
     - HTTPS_SKIP_CERT_VERIFY=true
     - OTP=XXXXX

They are passing nofiles -> which is the limit that is being exceeded.   

Ultimately the Symantec Secure Cloud Gateway team gave directions on how to redeploy a new SAC Connector with higher nofiles value.

Powered by Wolken Software