Symantec Privileged Access Management

 View Only
  • 1.  PAM Client connection timeout

    Posted May 10, 2022 03:10 AM
    Hi,
    Is PAM client connection timeout set as 40 seconds? Found this article but not sure if it's applicable for the later version.
    https://knowledge.broadcom.com/external/article/110256/is-the-pam-client-connection-timeout-con.html?msclkid=946e1fd6c78411ecb817175ffedfefe5

    Regards,
    Ain


  • 2.  RE: PAM Client connection timeout

    Broadcom Employee
    Posted May 10, 2022 09:05 AM
    Edited by David Miller May 10, 2022 09:05 AM
    Ain,

    As I understand, this timeout is related to the PAM client's connection to the PAM appliance and occurs when you launch the PAM client, enter or select your site name and it is unreachable.  If you are getting timeouts, I would check your DNS and network connectivity between the workstation running the PAM client and the PAM appliances to make sure you are resolving the address and that you are able to successfully connect.  This can also be done with a browser for quick testing as well.  This is not related to the configurable timeouts within the PAM appliance such as Session Timeouts found under the Global Settings.



    ------------------------------
    David Miller
    Symantec PAM Services Consultant
    Broadcom
    ------------------------------



  • 3.  RE: PAM Client connection timeout

    Broadcom Employee
    Posted May 10, 2022 01:07 PM
    Hello Ain, The information in KB 110256 is valid still. The timeout actually is 20 seconds, not 40 seconds, see the discussion in the KB. You see the PAM client report an error after 40 seconds because there is one retry. Due to processing at the beginning, between the two attempts, and at the end, it may be 41 or 42 seconds. You will find two timeout errors in the PAM client log file logs.log, typically 21 seconds apart.


  • 4.  RE: PAM Client connection timeout

    Posted May 12, 2022 11:39 AM
    Hi all,
    Thanks for replying.
    How do I know the timeout is due to network issue or issue with PAM client, from the log?
    This issue only affected 1 user and it worked fine on its own after a while.

    Snippets of the log:
    2022-04-27 16:10:02 ERROR - Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
    java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
    java.net.SocketException: Connection reset
    -
    -
    Caused by: java.net.SocketException: Connection reset
    -
    -
    2022-04-27 16:10:02 INFO - Displaying error message: Can't connect to instance manager, please restart CA PAM Client com.ca.client.ui.LauncherXsuiteDialog [SwingWorker-pool-1-thread-1]
    -
    -
    2022-04-27 16:10:04 INFO - Instance manager stopped after calling unmanageInstance(). Details: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
    java.net.ConnectException: Connection refused: connect com.ca.client.updater.Instance [AWT-EventQueue-0]
    2022-04-27 16:10:04 ERROR - Error calling remote clientUpdater com.ca.client.updater.Instance [AWT-EventQueue-0]
    java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
    java.net.SocketException: Connection reset

    Thanks again.

    Regards,
    Ain


  • 5.  RE: PAM Client connection timeout

    Broadcom Employee
    Posted May 12, 2022 11:52 AM
    Ok, so you actually do NOT have a timeout problem, but a "Connection refused" problem when the client tries to open a local socket connection to the RMI (Remote Method Invocation) server. Was there an error earlier saying that the RMI server could not create a listener socket? Which PAM release are you running, and what is the Operating System the PAM client is installed on?


  • 6.  RE: PAM Client connection timeout

    Posted May 12, 2022 12:57 PM
    Thanks for the prompt response.

    PAM release: 3.4.6
    OS where PAM client is installed: Windows 10

    Not sure if this is related to "server could not create a listener socket".

    2022-04-27 16:08:01 ERROR - Loading client structure failed by unknown reason com.ca.client.updater.DefaultClientStructureListener [RMI TCP Connection(34)-127.0.0.1]
    javax.net.ssl.SSLException: Read timed out
    -
    -
    Caused by: javax.net.ssl.SSLException: Read timed out
    -
    -
    Suppressed: java.net.SocketException: Connection reset by peer: socket write error
    -
    -
    Caused by: java.net.SocketTimeoutException: Read timed out
    -
    -
    2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Chromium process exit code: 1 syserr [AWT-EventQueue-0]
    2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Chromium process exit code: 1 syserr [Thread-23]
    2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Crash dump dir: C:\Users\<user>\AppData\Local\JxBrowser\7.15\CrashReports syserr [Thread-23]
    2022-04-27 16:10:02 INFO - 16:10:02.325 ERROR Crash dump dir: C:\Users\<user>\AppData\Local\JxBrowser\7.15\CrashReports syserr [AWT-EventQueue-0]


  • 7.  RE: PAM Client connection timeout

    Broadcom Employee
    Posted May 12, 2022 01:08 PM
    Hello Ain, Detailed review of logs goes beyond the scope of a community post. Please open a case with Support so that we can investigate this further.