prasenjitmass Respected Contributor.
Respected Contributor.
824 views

How to configure a backup PAM server

Hi,
We have notice in PAM 3.2.0.5 , if PAM service get stopped then we could not take direct RDP session to any of the agent windows servers though rule for direct RDP is not created yet. How can we overcome from this issue? because if anyhow PAM server get down, then normal mstsc / rdp could not be done till the PAM server get started.

So, We want to create backup pam server, so, if one PAM failed then other will start automatically. Noticed that , in hosts ,in admin console there is option "add domain" . Is that related for configuring backup pam ? Can anyone explain the steps please ?

Thank you.
0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

Re: How to configure a backup PAM server

Are you referring to when PAM Manager service is down (i.e. Agent is unable to contact cmdctrl to receive session authorization) ? In this case, I believe Direct RDP sessions would be allowed, as there would be a statement in the unifid.log on the agent showing that cmdctrl is not reachable and that it would allow access to the user, but the session would be captured.

It is recommended to have a backup PAM Manager in case the primary goes down. Agents would then rely on the backup in this case to receive session authorization from cmdctrl. It is also important to keep audit-delivery-functionality happening properly in environment. This is done by simply installing Manager and registering it to the primary manager, which keeps packages in backup status OR register an agent and then install the relevant packages that should be backup to the primary.
0 Likes
prasenjitmass Respected Contributor.
Respected Contributor.

Re: How to configure a backup PAM server

Hi tdharris,
Thanks for your valuable advice. I want to clarify what you mean to say to create a backup PAM manager.
1. I have to install Install manager in another server.
2. Have to register that PAM Managet to primary PAM with command unifid regclnt register
a) framework manager name/ip : IP/name of Primary PAM
b) default port
c) Agent's name/ IP : name/IP of backup PAM
d) registered name : name of backup PAM
3. How to keep packages of primary PAM in backup PAM , can you explain please or have there any document which I can follow?
0 Likes
prasenjitmass Respected Contributor.
Respected Contributor.

Re: How to configure a backup PAM server

Hi tdharris,
Is that simply like how we update packages to other agent servers? Is there any concept of domain?

Thank you.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: How to configure a backup PAM server

Good question.

Once the Manager has been registered to another Manager, OR if some manager package is installed on an agent, then it operates by default in Backup mode to the Primary Manager. There can only be one Primary Manager in any environment. Changes in the environment are replicated from Primary to Backup(s). Any Backup can be promoted to Primary on a package/module level. To see this state status of Primary vs Backup, navigate to the Manager in the Hosts Console and select Packages to view the packages installed and make note of the Status column where it may state "(primary)" or "(backup)" in the case of manager packages.

So nothing more is needed to manually sync or trigger some backup mode, it is all managed by default once registering a new manager or installing manager packages to some host in an environment where a Primary Manager already exists.
0 Likes
prasenjitmass Respected Contributor.
Respected Contributor.

Re: How to configure a backup PAM server

Hi,
Thanks for your support. As you have mentioned ,I've created backup server and it works.but AD user could not authenticate through myaccess of backup PAM. Error in unifid.log as follows :

Thu Sep 13 12:30:32 2018, 555, 2363680512, 4906, Warning, User authentication failed for aduser10@idm_19.83(192.168.19.69)
Thu Sep 13 12:30:32 2018, 556, 2363680512, 4906, Info, auth login client:localhost rc:0 status:401(Invalid user name or password) (27ms)


192.168.19.86 is the primary PAM,192.168.19.83 is backup PAM and accessing from desktop 192.168.19.69 .
I've reconfigure the account domain with AD credentials, but still the issue persists.

Can you tell me where is the exact issue?

Thanks again
0 Likes
prasenjitmass Respected Contributor.
Respected Contributor.

Re: How to configure a backup PAM server

Hi,
Backup PAM server is now working . I think package update was not done properly.

Thanks a lot
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.