A Windows Server 2022 target device using SFA 4.1.7 stops responding after an RDP connection is made to the device. It usually hangs during the user profile loading phase. Accessing the device outside of PAM works fine as long as the problem has not started yet. Once the problem starts, the server cannot be accessed anymore either through PAM or outside of PAM. Disabling/removing the SFA prevents the problem from coming back.
May affect any Windows server with PAM SFA version 4.2.0 or lower installed.
The whitelist assigned to the access policy included an entry for address 255.255.255.255, which also is the mask for specific IP entries. This exposed a bug in the driver that caused it to be looping.
Once a Windows server is in that state, only a reboot will make it accessible again. Removing any 255.255.255.255 entry from the socket filter list should prevent the problem from coming back.
For PAM 4.2.0 use the SFA installer from hotfix 4.2.0.05 to resolve the problem.
The fix will be included in the upcoming (Dec 2024) 4.2.1 maintenance release.