RDP or SSH do not open the remote session to the target server


Article ID: 6995


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


Trying to to open an RDP or SSH session from PAM's Access page does not open the session to the target.


Enabling the Java Console and try to open an RDP or SSH session from PAM UI in a Web-browser, the Java Console shows the following error:


liveconnect: The html source is on the ESL or covered by a DRS run rule, however the jar's Caller-Allowable-Codebase attribute exists and does not include this source

liveconnect: Security Exception: JavaScript from https://PamServer/conn/wUP.php?PHPSESSID=66cda8bebd40001156da2a9786ab11ad attempted to access a resource it has no rights to.



This happens when the Applets (Config->Security->Sign XSuite Applets) were signed specifying a wrong value for Xsuite Domain.



Issue has been observed in PAM version: 2.6.3 but could potentially happen in any other version


Go to Config->Security->Sign XSuite Applets.

Edit the Xsuite Domain with the PAM node IP or hostname of the local PAM instance. (Do not use the Virtual Cluster name)

Click on Sign Applets with Certificate.

This may take few minutes to refresh. Don't close the windows nor refresh manually the page.