Intermittent Orange Screen on Windows RDP Sessions via PAM Client for macOS
search cancel

Intermittent Orange Screen on Windows RDP Sessions via PAM Client for macOS

book

Article ID: 409806

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When connecting to Windows RDP from macOS through PAM Client for macOS, the Windows Desktop occasionally displays an orange screen color. This orange screen sometimes resolves itself after a few minutes, but at other times it persists. The issue is reproducible when connecting both with and without autologin. 

Environment

  • PAM Client 4.2.1 and prior versions (not observed with PAM 4.3)
  • Operating System: macOS Sequoia version 15.5
  • Application Protocol: RDP
  • Windows Desktop (Windows 10, Windows 11 client versions; not observed on Windows Server 2016, 2019, 2022, 2025)

Cause

Investigations have concluded that the intermittent orange screen issue is not a PAM issue. The root cause appears to be specific to the Windows App's display behavior on macOS, potentially related to its color management implementation and lack of support for 24-bit color depth . This conclusion is supported by the following observations:

  • This issue only affects connections to Windows desktop releases, not Windows server releases, as Windows server versions default to a lower 16-bit color depth.
  • Session recordings of affected sessions do not show the orange tint, indicating that the bitmap  data sent to the Windows App is correct.
  • The orange tint is typically only visible in the initial full-screen view of the Windows App, and resizing the window or restoring to full screen after exiting full screen often resolves the color issue.

Resolution

This issue is resolved in PAM Client 4.3 and later versions. These versions include an internal change to set the high color depth to 16-bit, which accommodates the Microsoft Windows App for macOS color depth limitations and prevents the intermittent orange screen.

For customers on PAM versions prior to 4.3, please refer to the workarounds below.

Additional Information

Workarounds (Applicable for PAM versions prior to 4.3):

1. Set High Color Depth to 16-bit on the remote Windows Desktop (Windows 10/11): This configuration is required due to the way high color depth is supported in the Microsoft macOS client.

- Run gpedit.msc as administrator.
- Navigate to Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment.
Modify the "Limit maximum color depth" setting.
- Select Enabled, and then set the Color Depth to 16 bit.
- Click OK and run gpupdate /force in a command window.

2. Toggle Window Mode: Toggling the window of the Windows App between full-screen mode and windowed mode may temporarily resolve the orange tint.

Powered by Wolken Software