Symantec Privileged Access Management

  • Private Community
 View Only
Back to discussions
Expand all | Collapse all

Disable CA PAM Client Update Checking

  • 1.  Disable CA PAM Client Update Checking

    Posted Mar 26, 2020 05:22 PM
    Hello, i have a problem to disable Client Update Checking, i do: 
    • Shut down any CA PAM Client instances that are running.
    •  In the CA PAM Client installation folder, create a file called update with no file extension. 
    • Open the update file with a text editor and entering the word false. Save and close the file.
    • Set permissions for the update file. For administrators, set full permissions. For users, set read-only permissions.
    But Ca  PAM checking it always, the version client is 3.0.3.19 Windows OS.
    THX


  • 2.  RE: Disable CA PAM Client Update Checking

    Broadcom Employee
    Posted Mar 26, 2020 07:11 PM
    Hello Cristian, This should work, although I strongly advise against it. You are in danger of running into problems whenever a patch is applied that updates one of the client jar files. A common problem on Windows is that the folder option "Hide extensions for known file types" is enabled by default. Thus it may look like your file has no extension, but it actually has. Please check on that.
    Original Message


  • 3.  RE: Disable CA PAM Client Update Checking

    Posted Mar 27, 2020 06:08 AM
    Hello Ralf,  file haven't extension. I follow step by step the proceduce, but nothing.
    THX
    Original Message


  • 4.  RE: Disable CA PAM Client Update Checking

    Broadcom Employee
    Posted Mar 27, 2020 08:09 AM
    Cristian

    The method you are referring to is not a supported feature of the product and as far as I know only used for troubleshooting other issues. Using something like this in a production environment for any other purpose would be against all recommendations from Broadcom. You could corrupt your database or impact the production PAM service in a negative manner. Do you have an issue that requires you to turn this feature off?

    Joe
    Original Message


  • 5.  RE: Disable CA PAM Client Update Checking

    Posted Mar 27, 2020 08:39 AM
    Hello Joseph Lutz, Yes  Ca Pam Often, stay in this situation for long time. I don't understand but why braodcom put this fix but don't working the solution.
    THX
    Original Message


  • 6.  RE: Disable CA PAM Client Update Checking

    Broadcom Employee
    Posted Mar 27, 2020 09:00 AM

    Cristian

    The issue you are describing is not a valid reason for disabling a feature like this. Enabling cache on the client should allow the client to store details on the workstation which will stop the client from needing to do an update when connecting for the second time.  If cache is enabled already and the files are not getting updated but the check process is slow then you may need to look at your network. BUT before going down any troubleshooting path, I notice from your graphic that your client version shows 3.0.3.19….You said " I don't understand but why broadcom put this fix but don't working the solution" . How do you know if Broadcom is not working on this problem when it does not look like you have updated since 3.0 ….We are close to ending support for 3.2 and you have not upgraded. This may simply be because you client version hasn't upgraded but that would be even worse because there would be a lot of fixes you are missing. I strongly suggest you upgrade your systems to the latest versions ( 3.3.2 ) and then if you cannot figure out why the cache feature is not working on 3.3 you can open a ticket with support to assist you in evaluating your network and configuration.

     

    Joe


    Original Message


  • 7.  RE: Disable CA PAM Client Update Checking

    Posted Mar 27, 2020 09:58 AM
    OK, we try to update it, i'll tell you if all go ok!
    THX
    Original Message


  • 8.  RE: Disable CA PAM Client Update Checking

    Posted Mar 27, 2020 02:59 PM
      |   view attached
    Hello, I have updated client, but when connect it the server tell me make an downgrade, maybe also the server i have to update? the file now working
    Can I ask you just last thing, we have sometime problem with loopback like in the picture Uploaded, may be this depend by the old version we use? 
    We use Ca Pam Client in Xenapp so many user have access to te application.
    THX a lot!

    Original Message


  • 9.  RE: Disable CA PAM Client Update Checking
    Best Answer

    Broadcom Employee
    Posted Mar 27, 2020 03:21 PM
    Cristian

    I sorry for the confusion ... The client must always be at the version of the server. It was designed to upgrade and downgrade on the fly to match whatever server you connect to. This is by design to guarantee a no mismatch. A mismatch can occur if you are using either a later or earlier version. I meant you need to upgrade the PAM server which the client connects to ... this will automatically upgrade your client version...again running mismatched client version is not supported at all.

    Does this clear some confusion ?

    Joe
    Original Message


  • 10.  RE: Disable CA PAM Client Update Checking

    Broadcom Employee
    Posted Mar 27, 2020 03:49 PM
    Cristian

    you can use Xenapp to allow clients to access the CA PAM client but that still has to be the right version....I wanted to make sure... 3.0.x is not a supported version at all. We still support 3.2.x for a little longer but even that wont be around much longer. You ideally should be upgrading the server up to 3.3.2 .. this will upgrade you client version as well.

    Joe
    Original Message


  • 11.  RE: Disable CA PAM Client Update Checking

    Posted Mar 27, 2020 03:56 PM
    All now is Clear, thank you so much. Well Done.
    Original Message