RDP or SSH do not open the remote session to the target server

book

Article ID: 6995

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

Trying to to open an RDP or SSH session from PAM's Access page does not open the session to the target.

 

Enabling the Java Console and try to open an RDP or SSH session from PAM UI in a Web-browser, the Java Console shows the following error:

...

liveconnect: The html source is on the ESL or covered by a DRS run rule, however the jar's Caller-Allowable-Codebase attribute exists and does not include this source

liveconnect: Security Exception: JavaScript from https://PamServer/conn/wUP.php?PHPSESSID=66cda8bebd40001156da2a9786ab11ad attempted to access a resource it has no rights to.

...

Cause

This happens when the Applets (Config->Security->Sign XSuite Applets) were signed specifying a wrong value for Xsuite Domain.

 

Environment

Issue has been observed in PAM version: 2.6.3 but could potentially happen in any other version

Resolution

Go to Config->Security->Sign XSuite Applets.

Edit the Xsuite Domain with the PAM node IP or hostname of the local PAM instance. (Do not use the Virtual Cluster name)

Click on Sign Applets with Certificate.

This may take few minutes to refresh. Don't close the windows nor refresh manually the page.