Password View Policies (PVPs) require the PAM user to provide a reason description and reference code before a target account can be used for auto-connect to an RDP server using an RDP Proxy service. When the service is launched, and the desired target account selected in cases where multiple accounts are configured in the access policy, it may take a while before the popup appears that asks the user to enter a reason. Sometimes a user may not have the information ready right away and takes time to enter the information. In such cases the RDP session sometimes is not established successfully and the user gets a popup with message "An internal error has occurred".

Affects PAM releases up to 4.1.7

The PAM RDP proxy starts to connect to the RDP server once the credential/target account is selected for auto-logon. Only afterwards does it prompt the user to enter a reason description and reference code. If it takes too long for the UI present the Auto Connect popup and then for the user to enter and submit the required data, the RDP server may close the connection from the PAM server (RDP Proxy) due to inactivity causing the PAM client to run into an internal error once the reason is submitted and it is ready to proceed with the auto-logon. A typical timeout is 90 seconds.

This problem is expected to be fixed in future releases starting with 4.1.8 and 4.2. Open a case with PAM Support if you need a fix at a lower release.