
Pam agent fails to connect

I have been trying to implement an RDP relay rule. After installing the agent and registering it with the framework, the agent shows in the Hosts section of the framework, but it looks like the client is somehow not able to establish a connection. I tried a lot of things, like:

Disabling NLA in client system

RDP security set as negotiate

(Note: Secure Boot is enabled.)

Any suggestions would be much appreciated.

 

Getting the following errors

On 10.120.0.87 (framework - linux) -
Info, cmdctrl request accepted for '<rdp> RDP-RELAY_DEMONAME' from test012@10.120.10.19 as Edir\admin@10.120.0.99
Info, cmdctrl checkAuth client:localhost rc:0 status:0 (57ms)
Error, Service lookup failed: 500 no peer
Info, rdprelay authSession client:localhost rc:0 status:0 (89ms)
Info, regclnt getSessionCache client:idam-nfm1 rc:0 status:0 (0ms)

On 10.120.0.99 (Agent - Windows)

Info, rexec logMsg client:idam-nfm1 rc:0 status:0 (0ms)
Error, Failed to connect to idam-nfm1:29120
Info, regclnt getSessionCache client:idam-windows rc:0 status:0 (0ms)
Info, rexec logMsg client:idam-nfm1 rc:0 status:0 (2481ms)
Error, Failed to connect to idam-nfm1:29120

  • 0

    Hi,

    Kindly check the following in your PAM environment:

    1- Port 29120 should be open bidirectionally between PAM and the RDP server.

    2- Date/time is synced with NTP.

    3- Name resolution is proper.

    Kindly perform the above points and share the status.

  • 0 in reply to 

      Hi, I double checked all your points, everything is in place.

  • 0   in reply to 
    From the Hosts Console, when you select this Agent Host, please verify if the Status is reported to be "online" or if no details are fetched regarding the host. I see the following error in your log, and it indicates a problem in connectivity from the Agent to, I assume, the Manager server (idam-nfm1):
    Error, Failed to connect to idam-nfm1:29120
  • 0 in reply to   

    The status of the agent is online. I am also able to access the host log from Command Control. Can you suggest the area where the problem could lie? I tried a bunch of solutions, but to no avail.

    To reiterate, the Framework is installed on a Linux platform (10.120.0.87) and the agent is installed on a Windows platform (10.120.0.99).

  • 0   in reply to 

    Ok, since the host reports as online now, then I think it's safe to assume here that the network communication error we saw originally in the log you posted has since been resolved.

    1. What version of Privileged Account Manager?

    2. As for the rdp connection, what is the exact error the user receives? You mention that the client is somehow "not able to establish connection," but it would be helpful to confirm the exact error the user receives.

    3. What is the "rexec" module status on the Agent from the Hosts Console?
      E.g. Hosts Console > Select the "idam-windows" host > Select "Packages" in the top right > "Status" column for the "rexec" module.

    4. Is the following error present in the Agent's unifid.log?
      NPUM driver is not initialized
  • 0 in reply to   

    If you have a different node acting as the RDP Relay Server, verify whether name resolution is working from that system, and also verify that port 29120 is open from there.

  • Verified Answer

    0 in reply to 

    Hi, thank you so much for your contribution. I was overwhelmed by the response from the community. Going back to the problem, I was finally able to solve it. The solution was to keep the Secure Boot option in the Windows client turned off. It then started to behave normally.

    Once again, thank you guys!

  • 0 in reply to 

    ..  here, sorry, was logged-in as a test user trying something out and posted this without realizing it

    Awesome, that is good to hear. I suspect Secure Boot should be working fine post PAM 3.7 release if you wanted to go ahead with an upgrade and keep that enabled at some point.

    See the Release Notes of PAM 3.7.
    And TID 7024120.
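
Added example, not part of the thread or of the product: a small Python triage of log excerpts in the format posted above, which groups "Failed to connect" targets (the host:port pairs to test for name resolution and port reachability), collects other errors, and flags failed or slow calls. Treating a non-zero rc or status as a failure and 1000 ms as "slow" are assumptions; the sample is constructed from the agent lines quoted in the question.

```python
import re
from collections import Counter

# Constructed sample: the agent-side lines quoted in the thread.
SAMPLE_AGENT_LOG = """\
Info, rexec logMsg client:idam-nfm1 rc:0 status:0 (0ms)
Error, Failed to connect to idam-nfm1:29120
Info, regclnt getSessionCache client:idam-windows rc:0 status:0 (0ms)
Info, rexec logMsg client:idam-nfm1 rc:0 status:0 (2481ms)
Error, Failed to connect to idam-nfm1:29120
"""

# "Info, <module> <op> client:<peer> rc:<n> status:<n> (<n>ms)"
CALL_RE = re.compile(
    r"^Info, (?P<module>\S+) (?P<op>\S+) client:(?P<client>\S+) "
    r"rc:(?P<rc>-?\d+) status:(?P<status>-?\d+) \((?P<ms>\d+)ms\)$")
CONNECT_RE = re.compile(
    r"^Error, Failed to connect to (?P<host>[^\s:]+):(?P<port>\d+)$")


def triage(log_text, slow_ms=1000):
    """Summarise a log excerpt: unreachable peers, other errors, failed or slow calls."""
    report = {"unreachable": Counter(), "errors": [],
              "failed_calls": [], "slow_calls": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CONNECT_RE.match(line)
        if m:  # same target repeated = persistent connectivity problem
            report["unreachable"][(m["host"], int(m["port"]))] += 1
            continue
        if line.startswith("Error, "):
            report["errors"].append(line[len("Error, "):])
            continue
        m = CALL_RE.match(line)
        if m:
            call = (m["module"], m["op"], m["client"], int(m["ms"]))
            # Assumption: non-zero rc or status marks a failed call.
            if int(m["rc"]) != 0 or int(m["status"]) != 0:
                report["failed_calls"].append(call)
            if int(m["ms"]) >= slow_ms:
                report["slow_calls"].append(call)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_AGENT_LOG)
    for (host, port), count in result["unreachable"].items():
        print(f"{count}x connect failure to {host}:{port}")
    for call in result["slow_calls"]:
        print("slow call:", call)
```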