This is a known issue from Password Authority and is fixed in Privileged Access Management.
- We found some Proxy target Applications with empty proxies. The selected proxies are empty.
But the accounts are getting verified.
- If we search via CLI tool for the target applications where the type is the Windows Proxy, then we see the agentID (proxy server) assigned.
This is a known bug.
The Available Proxies list, on the Windows Proxy Target Connector, is limited to 1,000 proxies. If I have more then I am unable to select a proxy if it is not in the top 1,000.
This known behaviour is fixed in the integration of PA in PAM .
- Remove unusefull proxy server up to get the agent installed up to 1000 machines.
or
-Work with the RemoteCLI as workaround:
Below are the commands that you can use with the RemoteCLI:
Use this command to search for the proxy target applications:
capam_command UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetApplication.type=windows
or search by hostname:
capam_command UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetServer.hostName=<Hostname>
or search by hostname and application type:
capam_command UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetApplication.type=windows TargetServer.hostName=<Hostname>
You will get the target application information. One of the values is the Attribute.agentId, which is the Windows Proxies ID used to manage passwords.
The agentid is the requestserverid in the requestserver table.
The following query will let you know the proxy server details that is selected in the Target Application:
capam_command UserID=<PA username> capam=<PA IP> cmdName=searchRequestServer RequestServer.ID=<agentid>
********
If you are working with Password Authority and you have access to the Database, you can just execute the queries.
These are basic queries. You can customize it to your convenience.
Query to list the agentID of all the proxy servers assigned to the proxy target applications.
select value from attribute where hash in (select hash from TargetApplication where type='windows') and deleted=0 and name='agentID';
Query to know the proxy hostname, ip and port:
select * from requestserver where requestserverid = <attribute.value>;
Note: requestserver.requestserverid is a numeric type while the attribute.value is a varchar(max). If there's more than a proxy selected in a target application, the "value" column will include both requestserverids in the field, followed by a comma.
********
Prepare to use the RemoteCLI:
https://docops.ca.com/ca-privileged-access-manager/2-8-1/EN/programming/credential-manager-apis/prepare-to-use-the-credential-cli-and-java-api
Install and Configure the RemoteCLI:
https://docops.ca.com/ca-privileged-access-manager/2-8-1/EN/programming/credential-manager-apis/use-the-credential-manager-cli/install-and-configure-the-credential-management-cli