Symantec Privileged Access Management

Hi,
Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

Regards,
Ain

Ain, 

As I understand, this timeout is related to the PAM client's connection to the PAM appliance and occurs when you launch the PAM client, enter or select your site name and it is unreachable.  If you are getting timeouts, I would check your DNS and network connectivity between the workstation running the PAM client and the PAM appliances to make sure you are resolving the address and that you are able to successfully connect.  This can also be done with a browser for quick testing as well.  This is not related to the configurable timeouts within the PAM appliance such as Session Timeouts found under the Global Settings.  



------------------------------
David Miller
Symantec PAM Services Consultant
Broadcom
------------------------------

Original Message:
Sent: May 10, 2022 03:10 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi,
Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

Regards,
Ain

Hello Ain, The information in KB 110256 is valid still. The timeout actually is 20 seconds, not 40 seconds, see the discussion in the KB. You see the PAM client report an error after 40 seconds because there is one retry. Due to processing at the beginning, between the two attempts, and at the end, it may be 41 or 42 seconds. You will find two timeout errors in the PAM client log file logs.log, typically 21 seconds apart.
Original Message:
Sent: May 10, 2022 03:10 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi,
Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

Regards,
Ain

Hi all,
Thanks for replying.
How do I know the timeout is due to network issue or issue with PAM client, from the log?
This issue only affected 1 user and it worked fine on its own after a while.

Snippets of the log:
2022-04-27 16:10:02 ERROR - Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset
-
-
Caused by: java.net.SocketException: Connection reset
-
-
2022-04-27 16:10:02 INFO - Displaying error message: Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
-
-
2022-04-27 16:10:04 INFO - Instance manager stopped after calling unmanageInstance(). Details: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused: connect com.ca.client.updater.Instance [AWT-EventQueue-0]
2022-04-27 16:10:04 ERROR - Error calling remote clientUpdater com.ca.client.updater.Instance [AWT-EventQueue-0]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset

Thanks again.

Regards,
Ain
Original Message:
Sent: May 10, 2022 01:07 PM
From: Ralf Prigl
Subject: PAM Client connection timeout

Hello Ain, The information in KB 110256 is valid still. The timeout actually is 20 seconds, not 40 seconds, see the discussion in the KB. You see the PAM client report an error after 40 seconds because there is one retry. Due to processing at the beginning, between the two attempts, and at the end, it may be 41 or 42 seconds. You will find two timeout errors in the PAM client log file logs.log, typically 21 seconds apart.
Original Message:
Sent: May 10, 2022 03:10 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi,
Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

Regards,
Ain

Ok, so you actually do NOT have a timeout problem, but a "Connection refused" problem when the client tries to open a local socket connection to the RMI (Remote Method Invocation) server. Was there an error earlier saying that the RMI server could not create a listener socket? Which PAM release are you running, and what is the Operating System the PAM client is installed on?
Original Message:
Sent: May 12, 2022 11:39 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi all,
Thanks for replying.
How do I know the timeout is due to network issue or issue with PAM client, from the log?
This issue only affected 1 user and it worked fine on its own after a while.

Snippets of the log:
2022-04-27 16:10:02 ERROR - Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset
-
-
Caused by: java.net.SocketException: Connection reset
-
-
2022-04-27 16:10:02 INFO - Displaying error message: Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
-
-
2022-04-27 16:10:04 INFO - Instance manager stopped after calling unmanageInstance(). Details: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused: connect com.ca.client.updater.Instance [AWT-EventQueue-0]
2022-04-27 16:10:04 ERROR - Error calling remote clientUpdater com.ca.client.updater.Instance [AWT-EventQueue-0]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset

Thanks again.

Regards,
Ain
Original Message:
Sent: May 10, 2022 01:07 PM
From: Ralf Prigl
Subject: PAM Client connection timeout

Hello Ain, The information in KB 110256 is valid still. The timeout actually is 20 seconds, not 40 seconds, see the discussion in the KB. You see the PAM client report an error after 40 seconds because there is one retry. Due to processing at the beginning, between the two attempts, and at the end, it may be 41 or 42 seconds. You will find two timeout errors in the PAM client log file logs.log, typically 21 seconds apart.
Original Message:
Sent: May 10, 2022 03:10 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi,
Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

Regards,
Ain

Thanks for the prompt response.

PAM release: 3.4.6
OS where PAM client is installed: Windows 10

Not sure if this is related to "server could not create a listener socket".

2022-04-27 16:08:01 ERROR - Loading client structure failed by unknown reason com.ca.client.updater.DefaultClientStructureListener [RMI TCP Connection(34)-127.0.0.1]
javax.net.ssl.SSLException: Read timed out
-
-
Caused by: javax.net.ssl.SSLException: Read timed out
-
-
Suppressed: java.net.SocketException: Connection reset by peer: socket write error
-
-
Caused by: java.net.SocketTimeoutException: Read timed out
-
-
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Chromium process exit code: 1 syserr [AWT-EventQueue-0]
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Chromium process exit code: 1 syserr [Thread-23]
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Crash dump dir: C:\Users\<user>\AppData\Local\JxBrowser\7.15\CrashReports syserr [Thread-23]
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Crash dump dir: C:\Users\<user>\AppData\Local\JxBrowser\7.15\CrashReports syserr [AWT-EventQueue-0]
Original Message:
Sent: May 12, 2022 11:52 AM
From: Ralf Prigl
Subject: PAM Client connection timeout

Ok, so you actually do NOT have a timeout problem, but a "Connection refused" problem when the client tries to open a local socket connection to the RMI (Remote Method Invocation) server. Was there an error earlier saying that the RMI server could not create a listener socket? Which PAM release are you running, and what is the Operating System the PAM client is installed on?
Original Message:
Sent: May 12, 2022 11:39 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi all,
Thanks for replying.
How do I know the timeout is due to network issue or issue with PAM client, from the log?
This issue only affected 1 user and it worked fine on its own after a while.

Snippets of the log:
2022-04-27 16:10:02 ERROR - Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset
-
-
Caused by: java.net.SocketException: Connection reset
-
-
2022-04-27 16:10:02 INFO - Displaying error message: Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
-
-
2022-04-27 16:10:04 INFO - Instance manager stopped after calling unmanageInstance(). Details: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused: connect com.ca.client.updater.Instance [AWT-EventQueue-0]
2022-04-27 16:10:04 ERROR - Error calling remote clientUpdater com.ca.client.updater.Instance [AWT-EventQueue-0]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset

Thanks again.

Regards,
Ain
Original Message:
Sent: May 10, 2022 01:07 PM
From: Ralf Prigl
Subject: PAM Client connection timeout

Hello Ain, The information in KB 110256 is valid still. The timeout actually is 20 seconds, not 40 seconds, see the discussion in the KB. You see the PAM client report an error after 40 seconds because there is one retry. Due to processing at the beginning, between the two attempts, and at the end, it may be 41 or 42 seconds. You will find two timeout errors in the PAM client log file logs.log, typically 21 seconds apart.
Original Message:
Sent: May 10, 2022 03:10 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi,
Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

Regards,
Ain

Hello Ain, Detailed review of logs goes beyond the scope of a community post. Please open a case with Support so that we can investigate this further.
Original Message:
Sent: May 12, 2022 12:57 PM
From: Ain Abdullah
Subject: PAM Client connection timeout

Thanks for the prompt response.

PAM release: 3.4.6
OS where PAM client is installed: Windows 10

Not sure if this is related to "server could not create a listener socket".

2022-04-27 16:08:01 ERROR - Loading client structure failed by unknown reason com.ca.client.updater.DefaultClientStructureListener [RMI TCP Connection(34)-127.0.0.1]
javax.net.ssl.SSLException: Read timed out
-
-
Caused by: javax.net.ssl.SSLException: Read timed out
-
-
Suppressed: java.net.SocketException: Connection reset by peer: socket write error
-
-
Caused by: java.net.SocketTimeoutException: Read timed out
-
-
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Chromium process exit code: 1 syserr [AWT-EventQueue-0]
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Chromium process exit code: 1 syserr [Thread-23]
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Crash dump dir: C:\Users\<user>\AppData\Local\JxBrowser\7.15\CrashReports syserr [Thread-23]
2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Crash dump dir: C:\Users\<user>\AppData\Local\JxBrowser\7.15\CrashReports syserr [AWT-EventQueue-0]
Original Message:
Sent: May 12, 2022 11:52 AM
From: Ralf Prigl
Subject: PAM Client connection timeout

Ok, so you actually do NOT have a timeout problem, but a "Connection refused" problem when the client tries to open a local socket connection to the RMI (Remote Method Invocation) server. Was there an error earlier saying that the RMI server could not create a listener socket? Which PAM release are you running, and what is the Operating System the PAM client is installed on?
Original Message:
Sent: May 12, 2022 11:39 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi all,
Thanks for replying.
How do I know the timeout is due to network issue or issue with PAM client, from the log?
This issue only affected 1 user and it worked fine on its own after a while.

Snippets of the log:
2022-04-27 16:10:02 ERROR - Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset
-
-
Caused by: java.net.SocketException: Connection reset
-
-
2022-04-27 16:10:02 INFO - Displaying error message: Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
-
-
2022-04-27 16:10:04 INFO - Instance manager stopped after calling unmanageInstance(). Details: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused: connect com.ca.client.updater.Instance [AWT-EventQueue-0]
2022-04-27 16:10:04 ERROR - Error calling remote clientUpdater com.ca.client.updater.Instance [AWT-EventQueue-0]
java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
java.net.SocketException: Connection reset

Thanks again.

Regards,
Ain
Original Message:
Sent: May 10, 2022 01:07 PM
From: Ralf Prigl
Subject: PAM Client connection timeout

Hello Ain, The information in KB 110256 is valid still. The timeout actually is 20 seconds, not 40 seconds, see the discussion in the KB. You see the PAM client report an error after 40 seconds because there is one retry. Due to processing at the beginning, between the two attempts, and at the end, it may be 41 or 42 seconds. You will find two timeout errors in the PAM client log file logs.log, typically 21 seconds apart.
Original Message:
Sent: May 10, 2022 03:10 AM
From: Ain Abdullah
Subject: PAM Client connection timeout

Hi,
Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

Regards,
Ain