Socket Filter Agent causes Windows target server to hang

Article ID: 380814


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A Windows Server 2022 target device running Socket Filter Agent (SFA) 4.1.7 stops responding after an RDP connection is made to the device. It usually hangs during the user profile loading phase. Accessing the device outside of PAM works fine as long as the problem has not started yet. Once the problem starts, the server can no longer be accessed, either through PAM or outside of PAM. Disabling or removing the SFA prevents the problem from coming back.

Environment

May affect any Windows server with PAM SFA version 4.2.0 or lower installed.

Cause

The whitelist assigned to the access policy included an entry for address 255.255.255.255, which is also the mask for specific IP entries. This exposed a bug in the driver that caused it to loop.

Resolution

Once a Windows server is in that state, only a reboot will make it accessible again. Removing any 255.255.255.255 entry from the socket filter list should prevent the problem from coming back.

For PAM 4.2.0 use the SFA installer from hotfix 4.2.0.05 to resolve the problem.

The fix will be included in the upcoming (Dec 2024) 4.2.1 maintenance release.