Layer7 Privileged Access Management

Expand all | Collapse all

Duplicated entries in Session Log

Jump to Best Answer
  • 1.  Duplicated entries in Session Log

    Posted 04-03-2019 09:53 PM

    Product: CA PAM 3.2.4

    Issue: Everytime i access some of my web portal (in this case McAfee product) using CA PAM built-in browser, i've got more than dozens of same entries "PAM-SPFD-0006: CA PAM[5288]: Unable to open connection to this resource" which refer to clients1.google.com for some reason.If there's anybody who encounter similiar issue, can you share it with me, thank you.



  • 2.  Re: Duplicated entries in Session Log

    Posted 04-04-2019 05:42 AM

    Hi Jorghy

    I have not seen it, but it may simply be that the MacAffee product tries first of all to connect to that site for whatever reason and PAM is just preventing the connection. I would suggest 2 things

     

    1. To see if this is something which the MacAffee product does on its own, install fiddler on your machine (you can retrieve it from www.telerik.com) and see if the connection to the MacAffee portal outside of CA PAM invokes any type of traffic going to client1.google.com. Fiddler is, as you know, a utility to track http traffic. You may as well use F12 de tools from Chrome or any tool of your choice

     

    2. To see if this is related to PAM itself, try with the native browsers. Same problem ? Also, if you connect to any other portal using the native browser, do you experience the same ?

     

    I would strongly advise you to open a case for this, nevertheless as troubleshooting may not be easy here.



  • 3.  Re: Duplicated entries in Session Log

    Posted 04-04-2019 10:17 PM

    1. I'm not familiar with this fiddler thing and the product run on customer server so it's doubtful whether i'm allowed to install something there.

    2. No, using Chrome or Firefox from RDP Application did not produce the same behaviour as with CA PAM built-in browser.

     

    Note: Correct if i'm wrong, CA PAM use JxBrowser for their built-in right? If so, according to this article https://jxbrowser.support.teamdev.com/support/discussions/topics/9000048985, the browser trying to access Google while not being allowed on some software with high security standard.



  • 4.  Re: Duplicated entries in Session Log

    Posted 04-05-2019 04:20 AM

    Hi Jorghy

     

    Yes, the pam browser is jxbrowser and likely this behaviour is applicable. However, I have not seen this problem reported. I presume from your explanation that this is occurring with multiple websites ? If so, it may be necessary to modify the jxplorer preferences as mentioned, and this may require a case to be opened. Can you please do the same ?



  • 5.  Re: Duplicated entries in Session Log

    Posted 04-05-2019 05:27 AM

    Hi Jorghy,

     

    Same Version 3.2.4 and same problem too. MC affe ePO web on our case. Im tolking whith CA tecnician about it .



  • 6.  Re: Duplicated entries in Session Log

    Posted 04-08-2019 02:12 AM

    The only workaround for this that i know of are using other browser deployed as RDP Application of CA PAM. Works but inconvenient.

    Nb: This issue also coincidentally one of the prime suspect for my Clustering out-of-sync issue i mentioned on my other post.



  • 7.  Re: Duplicated entries in Session Log

    Posted 04-08-2019 02:16 AM

    This behaviour also makes me unable to generate report on session log from external MySQL server since the huge result whenever PAM trying to queried to MySQL server makes CA PAM display error "Communication Failure".



  • 8.  Re: Duplicated entries in Session Log
    Best Answer

    Posted 05-15-2019 11:25 AM

    The cause of this problem is in the jxBrowser that PAM uses as internal browser for Web Portal services. It tries to pull information from google sites like clients1.google.com. See section "Disabling Chromium Traffic" on page https://jxbrowser.support.teamdev.com/support/discussions/topics/9000048985

    The jxBrowser version used by current PAM releases do not allow the traffic to be disabled and initial tests with the latest versions that include the option to disable the traffic exposed some problems that we hope to have fixed in future jxBrowser/PAM versions. For now the only workaround is the use of RDP transparent login mentioned by Jorghy.