PAM-SRM-0026 Session recording encoding error with RDP Proxy service
Article ID: 279581
Updated On:
Products
Issue/Introduction
Asked to set the Encryption Oracle Remediation policy on the RDP servers to "Force Updated Clients" rather than "Mitigated" for full protection against the Encryption Oracle vulnerability. When doing that, the PAM RDP client cannot establish a good connection with the RDP server. Tried using a TCP/UDP service with the RDP Proxy, the connection works and RDP sessions can be established, but can't get session recording to work with that. See PAM-SRM-0026 errors in the session logs, and cannot view the recordings.
4/25/2023 5:43:54 PM - PAM-SPFD-0012: CA PAM[2823988]: CN=Doe, John (GSO),OU=example ,OU=Users,OU=NAO,DC=example ,DC=com connected to xxx.xxx.xxx.xxx:3389; Idle time out: 360;
...
4/25/2023 5:45:20 PM - PAM-SPFD-0015: CA PAM[2823988]: Connection terminated; Duration: 1m 26s;
4/25/2023 5:45:20 PM - PAM-SRM-0051: Starting post-processing of session recording 20230425PAM/example.com-0000000000000002051-1682444634598_RDP
4/25/2023 5:45:21 PM - PAM-SRM-0026: An error occurred while post-processing of session recording: Unexpected tag got 771 expected 32614 File: 20230425PAM/example.com-0000000000000002051-1682444634598_RDP
Environment
PAM: 4.1-4.1.6
Cause
The post-processor had problems with some virtual channels that may be installed on an RDP server.
The issue is known to occur when VMware Horizon Client and Citrix Client software is installed. Other software that installs virtual channels may cause this problem as well.
Resolution
The problem is expected to be fixed in 4.1.7+ and 4.2+.
If experiencing this problem at a lower release, and an upgrade is not an option yet, please contact PAM Support.
Feedback
