A2A v4.5.3 do not work with PAM 4.2.1

Article ID: 395868


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM (Privileged Access Manager) administrator is attempting to integrate A2A v4.5.3 agents with PAM 4.2.1. The agents are installed on old Windows 2008 servers, and the A2A service has failed to start since the PAM upgrade.

Environment

A2A 4.5.3

PAM 4.1.2 and higher

Cause

A2A v4.5.3 is not compatible with PAM 4.1.2 and higher: the legacy agent connects with TLS 1.0, which these PAM versions no longer accept (they require TLS 1.2), so the agent cannot establish its session and the service fails.

Resolution

The supported resolution is to upgrade both the operating system and the A2A agents to a currently supported A2A agent version (4.12.3.x).

However, if a legacy application is integrated with the old A2A agents, or there is another business justification for keeping them, the old agents can be kept in service as follows.

Use SSL offloading on a load balancer to bridge the agents' TLS 1.0 connections to the TLS 1.2 that PAM requires, using two SSL profiles:

  • a Client SSL profile facing the v4.5.3 agents with the options No TLSv1.3 and No DTLSv1.2 set, which leaves TLS 1.0 through TLS 1.2 negotiable on the agent side (F5 -> Local Traffic -> Profiles -> SSL)
  • a Server SSL profile facing PAM 4.2.1 with No TLSv1.3 and No TLSv1 set, so that the load balancer connects to PAM with TLS 1.2 (F5 -> Local Traffic -> Profiles -> SSL)
  • an HTTP profile on the virtual server that inserts the X-Forwarded-For header, so PAM sees the hostname/IP address of the originating v4.5.3 agent rather than the load balancer's own address
  • Finally, the A2A v4.5.3 agents must be configured to use the hostname of this virtual server, whose load-balancer pool contains the PAM appliances.

Note that this is a stopgap, not a fix: the leg between the agents and the load balancer still runs TLS 1.0, so keep that leg confined to a trusted management network, and treat the X-Forwarded-For value as trustworthy only when the connection to PAM comes from the load balancer, since the header is otherwise client-controlled.
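The same four steps expressed as F5 tmsh commands, as an added example that is not part of the original article and not CA/Broadcom or F5 reference configuration. The object names, the virtual server address 10.0.0.100, the PAM appliance addresses 10.0.0.11 and 10.0.0.12, port 443, and the certificate, key and CA bundle file names are all assumptions; substitute your own values. The certificate the agents will trust and the CA bundle for the PAM appliances must already be imported under System -> Certificate Management.

```tmsh
# Added example, not from the original article. Names and addresses are assumed.

# 1. Client SSL profile facing the legacy v4.5.3 agents.
#    Only TLS 1.3 and DTLS 1.2 are disabled, so TLS 1.0/1.1/1.2 stay negotiable
#    on the agent side (this is the "allow anything under this" leg).
create ltm profile client-ssl a2a_legacy_clientssl defaults-from clientssl cert a2a_bridge.crt key a2a_bridge.key options { dont-insert-empty-fragments no-tlsv1.3 no-dtlsv1.2 }

# 2. Server SSL profile facing PAM 4.2.1.
#    TLS 1.0 and TLS 1.3 are disabled, so the load balancer speaks TLS 1.2 to PAM.
#    peer-cert-mode require + ca-file (assumed bundle name) makes the load balancer
#    verify the PAM appliance certificate; the default (ignore) would not.
create ltm profile server-ssl a2a_to_pam_serverssl defaults-from serverssl options { dont-insert-empty-fragments no-tlsv1 no-tlsv1.3 } peer-cert-mode require ca-file pam_ca_bundle.crt

# 3. HTTP profile that inserts X-Forwarded-For with the agent's source address.
#    Needed because the SNAT below makes every connection to PAM appear to
#    originate from the load balancer.
create ltm profile http a2a_http defaults-from http insert-xforwarded-for enabled

# 4. Pool of PAM appliances and the virtual server the agents will be pointed at.
#    The agents' configured PAM hostname must resolve to 10.0.0.100 and must
#    match the name in a2a_bridge.crt, or the agent will reject the certificate.
create ltm pool pam_pool monitor https members add { 10.0.0.11:443 10.0.0.12:443 }
create ltm virtual vs_a2a_bridge destination 10.0.0.100:443 ip-protocol tcp pool pam_pool profiles add { tcp { } a2a_http { } a2a_legacy_clientssl { context clientside } a2a_to_pam_serverssl { context serverside } } source-address-translation { type automap }

# Check the protocol options actually applied on both legs before saving.
list ltm profile client-ssl a2a_legacy_clientssl options
list ltm profile server-ssl a2a_to_pam_serverssl options
save sys config
```

To confirm the bridge from an agent host, `openssl s_client -connect 10.0.0.100:443 -tls1` should complete a handshake with the load balancer, while the same command against a PAM appliance directly should be refused; `openssl s_client -connect 10.0.0.11:443 -tls1_2` from the load balancer's network should succeed, which is the only version the server-side leg will use in practice. If you do not need TLS 1.1 anywhere, adding `no-tlsv1.1` to the server-ssl options pins the PAM leg to exactly TLS 1.2.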