search cancel

Post Upgrade to 2.8.1 Transparent login stop working.


Article ID: 5876


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


I have had a working Transparent Login configuration with RDP Application. When I upgraded to 2.8.1, it no longer works. With 2.8.1, the client executes properly. It is able to put an IP address/hostname and username but is unable to put the password. 



Release 2.8.1


Prior to 2.8.1 the hostname, username and password were pushed to the TL client when you opened the RDP session. With 2.8.1 the password is not part of the information pushed to the TL client. Instead the TL client will request the password from PAM when it is needed. 


If the TL client cannot open a HTTPS session to PAM it cannot fetch the password and you will see it as being stuck at the password field.


If you connect to PAM via a NAT'ted firewall with port mapping, this will not work. The TL client will use the browser address when connecting to PAM. Only the hostname is used but not any port number. The port number is fixed if you connect to PAM using anything but 443, the TL client will not fetch the password fetch.


Furthermore, then the connection from the TL client is opened it opens an HTTPS connection. If the PAM server certificate cannot be verified then the connection will not be established and the password is not fetched. On your jump server (where the TL client is running) validate that you can open a browser to PAM without any warnings or errors. If there are anything about a untrusted connection or a certificate validation warning, then the TL client will not work.



Try to disable the certificate revocation check on the jump server. 

Open Internet Explorer. Navigate to Tools -> Internet Options. Under the Advanced tab in the security section, there are two settings for revocation checking. Disable both.

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKRGAA4" alt="BrowserSettings.png" width="413" height="528">

Note: These settings are user dependent on the Jump server and must be done with the same user (or users) account as used when opening the RDP session from PAM to the Jump server.  


1558707735721000005876_sktwi1f5rjvs16qsw.png get_app