Symantec Privileged Access Management

View Only

How to identify sessions that were interrupted during login processing

Jump to Best Answer

MARUBUN SUPPORT posted Feb 03, 2025 04:21 AM

Hi Team,

How to identify sessions that were interrupted during login processing

[Product]

Symantec Privileged Access Manager

[Question]

When a customer logged in as a user using the PAM Client in one environment, the login process took a long time.

The customer closed the PAM Client as a temporary process by clicking on the ‘X’ in the top right-hand corner of the PAM Client.

Customers performed this operation several times.

The customer again logged in with the PAM Client, this time waiting until they could log in, which they were able to do.

Later, when they logged into PAM with PAM Client as an administrator and opened Session Management, there were several sessions.

Question 1
Since there is only one valid session, is it possible to distinguish between invalid ones?

Question 2
The invalid session could be erased by clicking the Logout button and logging out, but a dialogue was displayed.

PAM-CMN-1172: Your session has been terminated by an Symantec PAM Administrator.

Is there a way to prevent this dialog from appearing?

Thanks,

Broadcom Employee Ralf Prigl posted Feb 03, 2025 04:40 PM Best Answer

Hello, From a PAM server point of view these are not invalid sessions. There is no permanent connection between PAM client and server. Thus there is no automatic session end if the communication stops because the PAM client goes down in a way that doesn't notify the PAM server of the exit. My logins aren't slow enough to see the exact same behavior, but I can reproduce it by just killing the PAM client process after the session is established using Task Manager. On the Sessions > Manage Sessions page the stale sessions will have no connections, and the sum of the Duration and Timeout columns will be close to the Login Timeout configured in Global Settings. They should go away once the login timeout is reached.