WinSCP fails to access via PAM and shows Network Error

Article ID: 75933


Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

An SFTP service similar to the following has been set up under Services > TCP/UDP services for WinSCP access.

Basic Info:
  Service Name: mysftp
  Local IP: 127.0.0.222
  Port(s): 22
  Protocol: TCP
Administration:
  Enable: <selected>
  Application Protocol: Disabled 
  Client Application: "C:\Program Files (x86)\WinSCP\WinSCP.exe" sftp://<User>:<Password>@<Local IP> <First Port>

A policy has been set up so that a user can access this service to reach a target SFTP server.
However, when the user clicks the service link on the Access page, the connection fails and WinSCP shows the following error dialog.

Network error: Connection to "127.0.0.222" refused.
The server rejected SFTP connection, but it listens for FTP connections.
Did you want to use FTP protocol instead of SFTP? Prefer using encryption.


When Restart Session is executed on the Access page, the following error is also shown.

The following loopback address could not be loaded:
127.0.0.222:22
Some Access Methods and Services may not work as expected until this error is fixed. Please contact your System Administrator.


 

Environment

CA PAM multiple versions
WinSCP multiple versions

Cause

A third-party process on the PAM Client machine where WinSCP was launched is using the TCP/22 port. For example, the third-party process is BvSshServer.exe. Because of this process, the PAM Client fails to load the TCP/22 port on any specified loopback address, which causes this issue.

Resolution

Close the PAM Client if it is running, then launch a DOS prompt on the PAM Client machine and run the following command:
    netstat -aon | findstr ":22"

For example, if you get the following result:
    TCP    0.0.0.0:22       0.0.0.0:0       LISTENING     1228
then the process with process ID (PID) 1228 is using the TCP/22 port. Launch Task Manager, go to its Details tab, add the PID column if it is not shown, and find the process. Shut down the process, do Restart Session, and try to access the service again.
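
The same lookup in PowerShell, as an added example that is not part of the original article: it lists every listener on the service port, resolves each PID to its process and any Windows service running in it, and marks the listeners bound to 0.0.0.0 or to the service's Local IP. The values 127.0.0.222 and 22 come from the sample service above; treating only those two bindings as the blocking ones is an assumption based on the netstat result shown.

```powershell
# Added example, not from the KB article. The values mirror the article's
# sample service (Local IP 127.0.0.222, port 22); change them to match yours.
$LoopbackIp = '127.0.0.222'
$Port       = 22

# Every TCP listener on the port, whichever local address it is bound to.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue

if (-not $listeners) {
    Write-Output "No process is listening on TCP/$Port on this machine."
}
else {
    $listeners | ForEach-Object {
        $owningPid = $_.OwningProcess

        # Process name and image path (Path can be empty when not run elevated).
        $proc = Get-Process -Id $owningPid -ErrorAction SilentlyContinue

        # If the listener is hosted by a Windows service, report its name so it
        # can be stopped as a service rather than only ended in Task Manager.
        $svc = Get-CimInstance -ClassName Win32_Service `
                   -Filter "ProcessId = $owningPid" -ErrorAction SilentlyContinue

        [pscustomobject]@{
            LocalAddress   = $_.LocalAddress
            LocalPort      = $_.LocalPort
            PID            = $owningPid
            Process        = $proc.ProcessName
            Path           = $proc.Path
            Service        = ($svc.Name -join ', ')
            # Assumption: a bind on 0.0.0.0 (as in the netstat sample) or on the
            # exact Local IP is what prevents the PAM Client from loading it.
            BlocksLoopback = ($_.LocalAddress -in @('0.0.0.0', $LoopbackIp))
        }
    } | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell window with the PAM Client closed, so that any listener reported belongs to another process.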