Password Authority: Windows Proxy Target Application type does not show the proxy server selected
search cancel

Password Authority: Windows Proxy Target Application type does not show the proxy server selected

book

Article ID: 8951

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

This is a known issue from Password Authority and is fixed in Privileged Access Management. 

- We found some Proxy target Applications with empty proxies. The selected proxies are empty. 

But the accounts are getting verified. 

- If we search via CLI tool for the target applications where the type is the Windows Proxy, then we see the agentID (proxy server) assigned. 

 

 

Environment

Password Authority 4.5.3.7 version Password Authority 4.5.3.10 version

Cause

This is a known bug. 

The Available Proxies list, on the Windows Proxy Target Connector, is limited to 1,000 proxies. If I have more then I am unable to select a proxy if it is not in the top 1,000. 

This known behaviour is fixed in the integration of PA in PAM .

Resolution

- Remove unusefull proxy server up to get the agent installed up to 1000 machines.

or

-Work with the RemoteCLI as workaround:

Below are the commands that you can use with the RemoteCLI:

Use this command to search for the proxy target applications

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetApplication.type=windows 

or search by hostname

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetServer.hostName=<Hostname> 

or search by hostname and application type

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetApplication.type=windows TargetServer.hostName=<Hostname>

 

You will get the target application information. One of the values is the Attribute.agentId, which is the Windows Proxies ID used to manage passwords.

The agentid is the requestserverid in the requestserver table. 

 

The following query will let you know the proxy server details that is selected in the Target Application

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchRequestServer RequestServer.ID=<agentid>

********

If you are working with Password Authority and you have access to the Database, you can just execute the queries.

These are basic queries. You can customize it to your convenience. 

Query to list the agentID of all the proxy servers assigned to the proxy target applications. 

select value from attribute where hash in (select hash from TargetApplication where type='windows') and deleted=0 and name='agentID';

Query to know the proxy hostname, ip and port:

select * from requestserver where requestserverid = <attribute.value>;

Note: requestserver.requestserverid is a numeric type while the attribute.value is a varchar(max). If there's more than a proxy selected in a target application, the "value" column will include both requestserverids in the field, followed by a comma.

********

Additional Information

Prepare to use the RemoteCLI:

https://docops.ca.com/ca-privileged-access-manager/2-8-1/EN/programming/credential-manager-apis/prepare-to-use-the-credential-cli-and-java-api

 

Install and Configure the RemoteCLI:

https://docops.ca.com/ca-privileged-access-manager/2-8-1/EN/programming/credential-manager-apis/use-the-credential-manager-cli/install-and-configure-the-credential-management-cli

Powered by Wolken Software