Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  PAM Client 3.3.0 error

    Posted Oct 28, 2019 04:06 AM
    Hi All,

    ​My customer is faced with a bit trouble with a PAM client.
    Could you please tell me if you know the cause.

    1. Execute a PAM Client.But it stop with the following message many times.
    The Message1 (Japanese)

       Then he re-boot a PC.

    2. After that, it can start. But the following message apears.
    The Massage 1 (Japanese)

    This problem is sometimes occured on his pc.
    He is afraid that it will be occur on subconstractor's pc.

    Thank you in advance.

    Best regards,
    Fumiko Nishimura.


  • 2.  RE: PAM Client 3.3.0 error

    Broadcom Employee
    Posted Oct 28, 2019 08:15 PM
    Hi Fumiko,

    When PAM Client is launched, it has to contact the PAM server and check what version it is, then it has to check if the local copies of jar files match the version.
    If the version match then PAM Client would use the local copy and logon to PAM.
    If the version mismatch then PAM Client would need to download the jar files from the PAM Server so that will show you the screen asking the user to approve the update.

    It appears the PAM Client's locally cached jar files are not in a good state.
    I would recommend clearing the PAM Client local cache and try again and see if the problem goes away.

    If the user continues to experience this problem then it would be good to check if the antivirus software is somehow interfering with PAM Client.

    Good luck
    Kim

    ------------------------------
    Support Engineer 5
    Broadcom
    ------------------------------

    Original Message


  • 3.  RE: PAM Client 3.3.0 error

    Posted Oct 30, 2019 05:04 AM
    ​Hi Kim,

    ​Thank you for your prompt reply.
    I understood that thanks to your kind explanation.
    But please let me ask you some more questions.

    >If the version mismatch then PAM Client would need to download the jar files from the PAM Server so that will show you the screen asking the user to approve the update

    PAM Client sometimes  download the following JRE packeges from "CA Delivery Network" or "Private Delivery Network" (NOT from PAM Server).

    <Key>ca-pam/module/win/runtime-1.8.0_144.zip</Key>
    <Key>ca-pam/module/win/runtime-1.8.0_171.zip</Key>
    <Key>ca-pam/module/win/runtime-1.8.0_181.zip</Key>
    <Key>ca-pam/module/win/runtime-1.8.0_201.zip</Key>
    <Key>ca-pam/module/win/runtime-1.8.0_74.zip</Key>

    What situation does PAM client need them?
    My customer can not connect to internet from his PC.
    Should I download those files and put them on his PC in advance like the following imformation?

    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=132511

    Best regards,
    Fumiko.
    Original Message


  • 4.  RE: PAM Client 3.3.0 error

    Broadcom Employee
    Posted Oct 30, 2019 02:27 PM
    Hello Fumiko, This article was written before PAM 3.3.1 was available. By now 3.3.1 is released and addresses the PAM client upgrade problem. Please upgrade to 3.3.1.
    Original Message


  • 5.  RE: PAM Client 3.3.0 error

    Posted Oct 31, 2019 07:23 AM
    ​Hello Ralf,

    Thank you for your helpful information.
    But please let me ask you two more questions.

    <1> Do I need to match PAM client and PAM server version?
        For instance, Is it OK that PAM server is 3.1.1 and PAM client is 3.3.1?

    <2> If I understand correctry,it is uncommon to connect to CA CDN for version check.
        It is general to connect to only PAM Server for check. Is it correct?

    Best Regards,
    Fumko.
    Original Message


  • 6.  RE: PAM Client 3.3.0 error
    Best Answer

    Broadcom Employee
    Posted Oct 31, 2019 10:38 AM
    Hi Fumiko, The client updates itself, in general you do not have to worry about that. But prior to 3.3.1 (or 3.2.6) there could be a problem if the client finds that to talk to this PAM server it needs a different JRE, and then is not able to download the required JRE from the cloud. This is fixed in the latest maintenance releases, where the client gets all required files directly from the PAM server and doesn't need to access the public cloud or your configured distribution server.
    In the 3.3.1 release notes at https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-1/release-information/resolved-issues-in-3-3_1.html you find this documented as follows:

    01373853
    20012359
    DE420325
    Attempting to update an earlier CA PAM Client to 3.3 fails with an error while downloading

    Original Message


  • 7.  RE: PAM Client 3.3.0 error

    Posted Nov 01, 2019 07:44 AM
    Hello Ralf,

    Thank you for your so useful answer.I have not known that.
    If you do not mind, I would like to ask you one more question.

    A problem was fixed by PAM "Server" v3.3.1 (or v3.2.6).
    How about PAM Server v3.1.1 and PAM "Client" v3.3.1?

    My customer uses above version.
    Today she Installed PAM Client v3.3.1 then the following message appeared .
    Downgrade message (Japanese)
    I know it is common.
    But she definetly do not want to connect to Internet from her PC so she push [Cancel] button.

    If I understand correctly, PAM Client v3.3.1 has all JRE enviornment.
    So even if PAM Sever v3.1.1, PAM Client v3.3.1  does not connect to internet.
    Is my understanding correct?

    Best Regards,
    Fumiko
    Original Message


  • 8.  RE: PAM Client 3.3.0 error

    Broadcom Employee
    Posted Nov 01, 2019 10:57 AM
    Yes, correct. She should not hit the cancel button but let the PAM client download the files from the PAM server.
    Original Message


  • 9.  RE: PAM Client 3.3.0 error

    Posted Nov 08, 2019 12:23 AM
    Hi Ralf,

    Thank you for your kind help and sorry for the late reply.
    We needed to put runtime-1.8.0_144 on a pc manually when use PAM Client 3.3.1 + PAM Server 3.1.1.
    But it worked well even without connecting to internet.

    Thank you very much.
    Best Regards,
    Fumiko.
    Original Message