Skip navigation
All People > SungHoon_Kim > Sung Hoon Kim's Blog > 2018 > February
2018

This is a common question raised by many customers and I thought it would be good to write an article.

The documentation is already available how it is done but some detail instruction is always helpful to implement this for those who have not performed this before.

 

Following articles will help.

 

Tech Tip:  How to download the PAM Client installer files 

Configure How the Client is Made Available - CA Privileged Access Manager - 3.1.1 - CA Technologies Documentation 

 

When you use PAM Client to connect to a PAM Server and if their versions do not match, PAM Client will be told to download the necessary files from the cloud by default.

 

But if the server running the PAM Client do not have internet access, you will get an error as below.

 

Let's setup internal web server to host the files so the PAM Client can download the files without going to the internet.

 

This example is based on using IIS Web Server to host the PAM Client files and Java Runtime.

Let's say the web server is accessible at "https://pamfiles.test.lab" from intranet.

As the URL suggests, you must have https enabled on that web server.

 

Also, you should not assign any protection or authentication schemes. Let the files be accessible anonymously.

 

At C:\inetpub\wwwroot\ (Document Root) folder you need to create the folder structure as below

ca-pam/

ca-pam/install/

ca-pam/install/linux64

ca-pam/install/linux86

ca-pam/install/mac

ca-pam/install/win

ca-pam/module/

ca-pam/module/linux64

ca-pam/module/linux86

ca-pam/module/mac

ca-pam/module/win

 

 

 

Once the above folders are created, you will need to download the files and place them according to the way it is setup at the https://d21oi5tjuccwe.cloudfront.net/

 

Use your browser and access this page, https://d21oi5tjuccwe.cloudfront.net/ and you will see an XML document with the relative path and structure.

 

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Name>capam-client-installers</Name>
<Prefix/>
<Marker/>
<MaxKeys>1000</MaxKeys>
<IsTruncated>false</IsTruncated>
<Contents>
<Key>ca-pam/</Key>
<LastModified>2016-03-28T19:44:02.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/</Key>
<LastModified>2016-03-28T19:44:12.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/linux64/</Key>
<LastModified>2016-03-28T20:37:10.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V2.5.0.bin
</Key>
<LastModified>2016-03-28T20:41:59.000Z</LastModified>
<ETag>"f1eb70ee8b98e239dda05f46ffa7bdb5-2"</ETag>
<Size>77526868</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V2.6.2.bin
</Key>
<LastModified>2016-07-07T23:16:11.000Z</LastModified>
<ETag>"c4261d17a55805757bd6767cee88b230-2"</ETag>
<Size>77531349</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/linux64/CAPAMClientInstall_V2.6.bin</Key>
<LastModified>2016-05-10T14:26:12.000Z</LastModified>
<ETag>"566d2a48878a54419b27d7b20ea3c37a-2"</ETag>
<Size>77531115</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V2.7.0.bin
</Key>
<LastModified>2016-07-22T17:58:03.000Z</LastModified>
<ETag>"331545a518e420ed9e118a7f4e9fbbf0-2"</ETag>
<Size>77531299</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V2.8.0.bin
</Key>
<LastModified>2016-11-08T19:41:38.000Z</LastModified>
<ETag>"cd48cc28d893fe2b60e86849b59b4af5-2"</ETag>
<Size>77531579</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.0.0.bin
</Key>
<LastModified>2017-06-29T03:14:52.000Z</LastModified>
<ETag>"877ef4baf623117d770b40e866688a9b-10"</ETag>
<Size>78304765</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.0.1.bin
</Key>
<LastModified>2017-09-27T18:46:02.000Z</LastModified>
<ETag>"583de0a0f5ae31f8d17c4d1f2ecc0fd3-5"</ETag>
<Size>82577608</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.0.2.bin
</Key>
<LastModified>2017-10-04T15:53:01.000Z</LastModified>
<ETag>"9a896b3e11cb4f6fc229722cf5694eb1-5"</ETag>
<Size>82577629</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.0.3.bin
</Key>
<LastModified>2018-02-24T23:08:33.000Z</LastModified>
<ETag>"cc08f8b1c48e3846580f28ee2047b466-5"</ETag>
<Size>82583093</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.1.0.bin
</Key>
<LastModified>2017-12-20T19:58:37.000Z</LastModified>
<ETag>"b04e14e348e4227860b9f4523b33e83c-5"</ETag>
<Size>82585928</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.1.1.bin
</Key>
<LastModified>2018-01-18T22:57:10.000Z</LastModified>
<ETag>"902e6424b93034a3524dee38daf97bf4-5"</ETag>
<Size>82585785</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.1.2.bin
</Key>
<LastModified>2018-02-24T23:06:56.000Z</LastModified>
<ETag>"f295013a02daf040235b7085a33d89ca-5"</ETag>
<Size>82585913</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux64/CAPAMClientInstall_V3.2.0.bin
</Key>
<LastModified>2018-01-27T19:59:41.000Z</LastModified>
<ETag>"9174238b3b2ae3df9bc63ed139af1e7c-5"</ETag>
<Size>82586664</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/linux86/</Key>
<LastModified>2016-03-28T20:34:59.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V2.5.0.bin
</Key>
<LastModified>2016-03-28T20:36:03.000Z</LastModified>
<ETag>"3bc1ac72dd697478ac35f59e69a0947e-2"</ETag>
<Size>79722317</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V2.6.2.bin
</Key>
<LastModified>2016-07-07T23:54:30.000Z</LastModified>
<ETag>"33f2d73fab5412493f933093ba4e3b56-2"</ETag>
<Size>79726804</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/linux86/CAPAMClientInstall_V2.6.bin</Key>
<LastModified>2016-05-10T14:26:42.000Z</LastModified>
<ETag>"600ee1014ce70f21a43139025bc78321-2"</ETag>
<Size>79726571</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V2.7.0.bin
</Key>
<LastModified>2016-07-22T17:58:17.000Z</LastModified>
<ETag>"14ae026a77b0262960305ba01a9a8efb-2"</ETag>
<Size>79726752</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V2.8.0.bin
</Key>
<LastModified>2016-11-08T19:40:30.000Z</LastModified>
<ETag>"b358a8381a04084ff33f95ce9d77ec85-2"</ETag>
<Size>79727035</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.0.0.bin
</Key>
<LastModified>2017-06-29T03:17:15.000Z</LastModified>
<ETag>"d1ec2d31435feb3950f6084d9903b7c3-10"</ETag>
<Size>80500223</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.0.1.bin
</Key>
<LastModified>2017-09-27T18:45:24.000Z</LastModified>
<ETag>"9f3c6aab95c1c821bf9daf796d4b379f-6"</ETag>
<Size>85330118</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.0.2.bin
</Key>
<LastModified>2017-10-04T15:51:36.000Z</LastModified>
<ETag>"bf51ffb3d02e83e4c6cb9297dc99d6e6-6"</ETag>
<Size>85330129</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.0.3.bin
</Key>
<LastModified>2018-02-24T23:11:48.000Z</LastModified>
<ETag>"099fff8118135af443d4a6a4849fd554-6"</ETag>
<Size>85335596</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.1.0.bin
</Key>
<LastModified>2017-12-20T19:59:16.000Z</LastModified>
<ETag>"c85a69fac5667764505e95aa02550178-6"</ETag>
<Size>85338439</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.1.1.bin
</Key>
<LastModified>2018-01-18T22:55:48.000Z</LastModified>
<ETag>"0b3e3b6f3c24d972a7fd1f688a4427d4-6"</ETag>
<Size>85338303</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.1.2.bin
</Key>
<LastModified>2018-02-24T23:19:16.000Z</LastModified>
<ETag>"8ccaf91827768814cc073150134f7db7-6"</ETag>
<Size>85338433</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>
ca-pam/install/linux86/CAPAMClientInstall_V3.2.0.bin
</Key>
<LastModified>2018-01-27T19:58:30.000Z</LastModified>
<ETag>"3e585ff2abaae16e3ba17c36ac69cc73-6"</ETag>
<Size>85339181</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/</Key>
<LastModified>2016-03-28T19:44:18.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V2.5.0.zip</Key>
<LastModified>2016-03-28T19:44:18.000Z</LastModified>
<ETag>"3af127111ab07e74c49466aa981f75c2-2"</ETag>
<Size>68941190</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V2.6.2.zip</Key>
<LastModified>2016-07-13T17:30:39.000Z</LastModified>
<ETag>"065617fcc878432fa0c97858afb3d2e3-2"</ETag>
<Size>70055117</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V2.6.zip</Key>
<LastModified>2016-05-10T16:12:21.000Z</LastModified>
<ETag>"65522d4f14f38d757b5c9cedac6e55f0-2"</ETag>
<Size>70054732</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V2.7.0.zip</Key>
<LastModified>2016-07-22T17:59:32.000Z</LastModified>
<ETag>"29e0d86b95551bca55f3547d5a386899-2"</ETag>
<Size>70055087</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V2.8.0.zip</Key>
<LastModified>2016-11-08T17:04:18.000Z</LastModified>
<ETag>"ea5a6ceb14841ab3a24abf2dccbba86b-2"</ETag>
<Size>70055633</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.0.0.zip</Key>
<LastModified>2017-06-29T03:18:25.000Z</LastModified>
<ETag>"6763a206f0bb93ae86f7e98e9c7f76e7-9"</ETag>
<Size>69545743</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.0.1.zip</Key>
<LastModified>2017-09-27T18:44:48.000Z</LastModified>
<ETag>"c6678504e19097d37c1b2a9b5a983267-5"</ETag>
<Size>69223034</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.0.2.zip</Key>
<LastModified>2017-10-04T15:49:04.000Z</LastModified>
<ETag>"cebb403305f68c1aed961b27f6237418-5"</ETag>
<Size>69223029</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.0.3.zip</Key>
<LastModified>2018-02-24T23:22:13.000Z</LastModified>
<ETag>"b13721ab4573afbdb509b92b8e89382e-5"</ETag>
<Size>69227337</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.1.0.zip</Key>
<LastModified>2017-12-20T20:05:38.000Z</LastModified>
<ETag>"bed5dc89f156181eb36950176a6e66d6-5"</ETag>
<Size>69230887</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.1.1.zip</Key>
<LastModified>2018-01-18T22:52:38.000Z</LastModified>
<ETag>"db6446093a54ea3f99b857acf5a871d8-5"</ETag>
<Size>69230900</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.1.2.zip</Key>
<LastModified>2018-02-24T23:23:32.000Z</LastModified>
<ETag>"458dc776dfe153b9b5d317200ec8589e-5"</ETag>
<Size>69230843</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/mac/CAPAMClientInstall_V3.2.0.zip</Key>
<LastModified>2018-01-27T19:57:10.000Z</LastModified>
<ETag>"2f76e68bf23bd8f5ac839eebce4ea973-5"</ETag>
<Size>69231001</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/</Key>
<LastModified>2016-03-28T20:32:58.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V2.5.0.exe</Key>
<LastModified>2016-03-28T20:33:15.000Z</LastModified>
<ETag>"bf338cf460890e82504b922cd616567c-2"</ETag>
<Size>67815192</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V2.6.2.exe</Key>
<LastModified>2016-07-13T17:30:57.000Z</LastModified>
<ETag>"ab4249232a7031836bbfc430019c19fb-2"</ETag>
<Size>67807768</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V2.6.exe</Key>
<LastModified>2016-07-07T23:03:43.000Z</LastModified>
<ETag>"34fae5829f221992d80a2fd53e9dc695-2"</ETag>
<Size>67807696</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V2.7.0.exe</Key>
<LastModified>2016-07-22T18:00:23.000Z</LastModified>
<ETag>"2cb68da9dee7376769332e53ab7fd61d-2"</ETag>
<Size>67807816</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V2.8.0.exe</Key>
<LastModified>2016-11-08T17:03:19.000Z</LastModified>
<ETag>"1d9f55816554e6f84ba275986a235ccb-2"</ETag>
<Size>67808272</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.0.0.exe</Key>
<LastModified>2017-06-29T03:19:18.000Z</LastModified>
<ETag>"9014b58a94b582dca876901eafdf5622-9"</ETag>
<Size>68417208</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.0.1.exe</Key>
<LastModified>2017-09-27T18:42:10.000Z</LastModified>
<ETag>"d41394729f19f7f8d6f8c9e63dfcf769-5"</ETag>
<Size>70139792</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.0.2.exe</Key>
<LastModified>2017-10-04T15:47:34.000Z</LastModified>
<ETag>"eed4962410a5458408ddca17382f517b-5"</ETag>
<Size>70139856</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.0.3.exe</Key>
<LastModified>2018-02-24T23:10:49.000Z</LastModified>
<ETag>"ae6c0d5f89140cb558e8b1b9e38d5dbc-5"</ETag>
<Size>70164608</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.1.0.exe</Key>
<LastModified>2017-12-20T20:07:24.000Z</LastModified>
<ETag>"af18e05b61f2906c1426019e1d7d5663-5"</ETag>
<Size>70148096</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.1.1.exe</Key>
<LastModified>2018-01-18T22:51:32.000Z</LastModified>
<ETag>"ca696882b660f9d087526ac81e1df7b4-5"</ETag>
<Size>70168080</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.1.2.exe</Key>
<LastModified>2018-02-24T23:09:49.000Z</LastModified>
<ETag>"c34db7f649dfa8d788ed0ca547403993-5"</ETag>
<Size>70168128</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/install/win/CAPAMClientInstall_V3.2.0.exe</Key>
<LastModified>2018-01-27T19:37:27.000Z</LastModified>
<ETag>"0c38f8058ba229714317d7cb4b0075a9-5"</ETag>
<Size>70168000</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/</Key>
<LastModified>2016-03-28T20:42:28.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/linux64/</Key>
<LastModified>2016-03-28T20:50:29.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/linux64/runtime-1.8.0_144.zip</Key>
<LastModified>2017-08-21T16:33:39.000Z</LastModified>
<ETag>"2445c13b47212b4550a3b2b423049b3b-10"</ETag>
<Size>75999039</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/linux64/runtime-1.8.0_74.zip</Key>
<LastModified>2016-03-28T20:51:02.000Z</LastModified>
<ETag>"d266eeab56ac1822d482a8f3e5143654-2"</ETag>
<Size>71713640</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/linux86/</Key>
<LastModified>2016-03-28T20:49:21.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/linux86/runtime-1.8.0_144.zip</Key>
<LastModified>2017-08-21T16:40:05.000Z</LastModified>
<ETag>"ccb72918a7b725f6691691ca312903ad-10"</ETag>
<Size>78742352</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/linux86/runtime-1.8.0_74.zip</Key>
<LastModified>2016-03-28T20:49:36.000Z</LastModified>
<ETag>"cb68b0e420477894939fae805e4eb6c4-2"</ETag>
<Size>73890410</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/mac/</Key>
<LastModified>2016-03-28T20:47:52.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/mac/runtime-1.8.0_144.zip</Key>
<LastModified>2017-08-21T17:10:37.000Z</LastModified>
<ETag>"8c97c614f91d38460026e6910000ff02-8"</ETag>
<Size>61532671</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/mac/runtime-1.8.0_74.zip</Key>
<LastModified>2016-03-28T20:48:04.000Z</LastModified>
<ETag>"6574ce4ebd486d991c6b9203f34918fe"</ETag>
<Size>61928872</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/win/</Key>
<LastModified>2016-03-28T20:42:45.000Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/win/runtime-1.8.0_144.zip</Key>
<LastModified>2017-08-21T17:20:40.000Z</LastModified>
<ETag>"e5facb93253b234cf842d364338e3adf-8"</ETag>
<Size>62198917</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>ca-pam/module/win/runtime-1.8.0_74.zip</Key>
<LastModified>2016-03-28T20:46:10.000Z</LastModified>
<ETag>"8efae469f46972bd3d96f0c93dc8c740"</ETag>
<Size>60501512</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
</ListBucketResult>

 

The steps to download the files are:

https://d21oi5tjuccwe.cloudfront.net/ + ca-pam/install/linux64/CAPAMClientInstall_V2.5.0.bin

Which makes it https://d21oi5tjuccwe.cloudfront.net/ca-pam/install/linux64/CAPAMClientInstall_V2.5.0.bin

 

Repeat the steps above until you have downloaded all the files and placed them accordingly (in your C:\inetpub\wwwroot\ca-pam\.... )

 

 

If you are not using all the versions of PAM version, you do not need to download everything but just the ones you will need.

 

Then logon to PAM and goto "Global Settings" section and at the "Client Settings" change the "Distribution Mode" as below.

 

Logout from PAM and Login again using PAM Client.

Client will connect to PAM Server and check for the PAM Server version information.

If the PAM Server and PAM Client version is different, the PAM Server tells the PAM Client to goto this https://pamfiles.test.lab/ca-pam/.... to download the necessary files instead of going to the cloud.

 

Hope this helps!

I have an interesting issue and wanted to share some insight to what I have learned.

 

On Windows, you can install FTP Server on top of IIS.

The convenience is with the credential management as the AD users would be able to use their credentials to login and get appropriate privileges.

 

The challenge was, when trying to access the Windows FTP Server via PAM.

The expectation was, the FTP Client would go via PAM Server and no direct connection to the FTP Server.

And that the user would be able to auto-login.

 

The result was not what I expected.

The FTP Client was failing to get the directory listing of the FTP Server.

 

So I went to take a look at the FTP server logs and found the following.

FTP log
2018-01-24 05:41:22 192.168.0.200 59686 - - WWW - 192.168.0.51 21 ControlChannelOpened - - 0 0 0 0 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 - FTPSVC2 WWW - 192.168.0.51 21 USER administrator 331 0 0 23 20 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 PASS *** 230 0 0 87 18 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 / -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 SYST - 215 0 0 16 6 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 FEAT - 211 0 0 149 6 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 OPTS UTF8+ON 200 0 0 58 14 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 PWD - 257 0 0 31 5 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 TYPE A 200 0 0 20 8 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 PASV - 227 0 0 50 6 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.128 55606 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 55838 DataChannelOpened - - 0 0 0 0 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.128 55606 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 55838 DataChannelClosed - - 1236 38 0 0 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - Client+IP+on+the+control+channel+didn't+match+the+client+IP+on+the+data+channel.
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 LIST -a 425 1236 38 75 9 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 / Client+IP+on+the+control+channel+didn't+match+the+client+IP+on+the+data+channel.
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 TYPE A 200 0 0 20 8 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 PASV - 227 0 0 50 6 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.128 55607 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 55839 DataChannelOpened - - 0 0 0 0 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -
2018-01-24 05:41:23 192.168.0.128 55607 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 55839 DataChannelClosed - - 1236 38 0 0 0 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - Client+IP+on+the+control+channel+didn't+match+the+client+IP+on+the+data+channel.
2018-01-24 05:41:23 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 LIST - 425 1236 38 75 6 16 0e45aee5-210d-46af-8e97-a50c2bc9aac6 / Client+IP+on+the+control+channel+didn't+match+the+client+IP+on+the+data+channel.
2018-01-24 05:41:39 192.168.0.200 59686 WWW\Administrator FTPSVC2 WWW - 192.168.0.51 21 ControlChannelClosed - - 0 0 681 112 16750 0e45aee5-210d-46af-8e97-a50c2bc9aac6 - -

 

The ControlChannel Client IP Address is "192.168.0.200" which is my PAM Server.

The DataChannel Client IP Address is "192.168.0.128" which is the PAM Client.

 

 

What is happening is that the initial ControlChannel is established via PAM Server because the FTP Client is told to connect to a server which is 127.0.0.1:21 and that tunnel would goto PAM Server.

So it is clear that the ControlChannel would have PAM Server IP Address as "Client IP".

 

Once the FTP Client has established the ControlChannel and Authenticated the user, it then establishes the DataChannel to FTP Server.

The difference this time is that, FTP Client would now connect directly with the FTP Server.

 

The error "Failed to retrieve directory listing" is caused by the FTP Server rejecting the DataChannel connection because the Client IP Address did not match with ControlChannel.

 

==================

 

So I was looking for a workaround and found that, if I use FileZilla FTP Server I can get past this error.

How the FTP Server and FTP Client behaved is exactly the same but there was a switch in the FileZilla FTP Server to ignore this specific error case.

 

 

You can either select "Relaxed IP match" (which I think is set by default) or simply "Disable IP check" altogether.

Then you will not be getting "Failed to retrieve directory listing".

 

You will need to be reminded that, if you use FileZilla FTP Server

1) you cannot make use of AD credentials and 

2) FTP Client is still connecting directly to the FTP server.

 

Then how can I force the FTP Client to go via PAM Server and also avoid this error?

(Well, if both ControlChannel and DataChannel are going via PAM Server then you would not encounter the error in the first place)

 

There is a predefined TCP Server that comes out of the box.

It is called "sftpftpemb"

 

Note that the port specified is 22 and not 21.

And you cannot configure the "Client Application".

 

The reason for this is, it is hardcoded to use WinSCP as the Client Application.

And it is using port 22, which forces the WinSCP to treat this as if it is SFTP (SFTP and FTPS are 2 completely different things) and all communications go to the 127.0.0.200:22.

 

If you create a same service and specify FileZilla FTP Client instead, you will find the FileZilla actually complains about the protocol and fails to connect to the server.

filezilla.log
2018-02-25 19:11:17 4900 1 Error: Cannot establish FTP connection to an SFTP server. Please select proper protocol.
2018-02-25 19:11:17 4900 1 Error: Critical error: Could not connect to server

 

So, this "sftpftpemb" service is specially crafted and tested using WinSCP to allow connecting to FTP server via PAM.

 

To provide some more insight, when you launch the link to sftpftpemb service, it actually extracts "WinSCP" to the %USERPROFILE% folder.

 

For example, if your %USERPROFILE% folder is "C:\Users\user1", then the WinSCP files will be extracted under "C:\Users\user1\WinSCP" folder.

 

 

So you do not need to install WinSCP software if you are using sftpftpemb service.

 

Previous Article PAM Upgrade from 2.8.4.1 to 3.0.0 

 

Upgrading from 3.0.0 to 3.0.2 is straight forward.

You just apply the patch as regular patch.

Click "Configuration" and select "Upgrade"

Same applies to 3.1.1 patch.

 

Here we go.

 

Continuing from previous article where the 2nd HDD was removed.

Power on the PAM Servers.

 

Extract the 3.0.2 patch

 

Logon to PAM 3.0.0

 

 

Goto Configuration-Upgrade

 

Choose the 3.0.2 patch bin file and apply.

 

 

PAM Reboots.

Close all PAM Clients and launch again.

Logon to confirm the updated version.

 

!!!!!Perform the same on all PAM Servers.

 

 

Extract the 3.1.1 Patch file.

 

 

Goto Configuration-Upgrade.

Select the CAPAM_3.1.1.p.bin file and apply.

 

PAM reboots.

Close all PAM Clients and launch again.

Logon to the Primary Node of the cluster.

 

You can confirm the version.

 

Next is to turn on the Cluster back on.

Goto Configuration-Clustering

Before turning on the clustering, verify the cluster settings are preserved correctly. It can be viewed at the "Status" tab.

 

Go back to "Local Settings" tab and turn on the cluster.

 

The PAM Servers are upgraded from 2.8.x to 2.8.4.1, then migrated to 3.0.0, upgraded to 3.0.2 and finally upgraded to 3.1.1

To complete the whole process, the Cluster was turned on.

 

I hope this helps in planning your migration and upgrades.

Previous Article: Upgrade PAM 2.8.3/2.8.4 to 2.8.4.1 

 

Now that you are on PAM 2.8.4.1(you can also upgrade from 2.8.3), we can now perform the migration to 3.0.0

There is no direct upgrade path to 3.1.1, you must migrate to 3.0.0 first then upgrade to 3.0.1 3.0.2(recommending to upgrade to 3.0.2 to avoid any known issue) followed by whatever upgrade (3.1.1) available.

 

Logon to support.ca.com and navigate to Download Management.

Then enter "Privileged" at the dropdown menu and select "Privileged Access Management" as below.

 

Navigate and locate "CA Privileged Access Manager DEBIAN" (it should appear at the top).

It would show the latest version in the "Release" dropdown list, you need to select 3.0.1.

 

Once you selected 3.0.1, click on the CART icon and add to cart.

Then click on the cart.

 

Click on "All files" to get a full list.

 

Download the following 2 files.

 

For the Migration Itself, you only need to download 2 files.

"CA PRIVILEGED ACCESS MANAGER MIGRATION PATCH PAYLOAD R3.0 - ESD ONLY" which is referred to as "Payload".

"PRIVILEGED ACCESS MANAGER MIGRATION PATCH R3.0B" which is referred to as "Migration Patch"

 

Payload is the one you copy to the Session Recording network shared folder.

Migration Patch is what you apply on PAM as any other Patches and this will initiate migration.

 

 

Once you have downloaded the 2 files, you can empty the cart and select "3.1.1" and add to cart.

Download the "PRIVILEGED ACCESS MANAGER UPGRADE PATCH R3.1.1 - ESD ONLY"

 

 

Downloading the 3.0.2 patch is at a different location.

Visit the following link(after logon to support.ca.com) and download 3.0.2 patch.

CA Privileged Access Manager Solutions & Patches - CA Technologies 

 

Copy the files where you would perform the upgrade from.

 

Before performing any upgrade,  check the following.

  1. Session Recording Network Mount is successful
    1. If this is not successful you cannot upgrade!
    2. You must ensure this on all PAM Servers!
    3. If you are using hostname (\\host\share) and unable to mount, try IP address (\\ip\share) instead
    4. Proceed only if you pass this.
  1. DB Backup is made (preferably external storage)
  2. Cluster is turned off
  3. VMWare Snapshot is taken.

 

And note the following too.

 

 

Now, let's begin.

[EDIT: 2018-04-16]-------------[BEGIN]---------------

The PAM 2.x has 8GB HDD Disc Size.

This is going to be insufficient when you move to 3.x so you will need to increase the disc size prior to the migration.

However, increasing the disc size requires that you remove all the snapshots!!!

So, please do a full backup of your VM instance first so you can revert back if anything goes wrong.

(For example, you could download the whole VM instance folder)

 

Once you have backed up, remove all snapshots from the VM instance.

Then modify the disc size by increasing it to 80GB(or higher).

Once the disc size has been expanded to 80GB, the partition will be resized automatically adjusted during the migration.

If this has not been performed and the migration was performed, customers can contact CA Support to increase the partition manually.

[EDIT: 2018-04-16]-------------[END]---------------

Take VMWare Snapshot so you can revert to this stage.

Take DB Backup

 

Back at the "Database Configuration", click on "Save Database and Configuration" button.

 

Download the DB and Configuration.

 

Turn off the Cluster.

 

Power off

 

Add 2nd HDD with 20GB space

 

In my sample I was using 2GB RAM for PAM 2.8.4.1 but that is insufficient for PAM 3.x.x so you must have at least 4GB RAM even for just a boot up.

Otherwise, you may fail to logon or see blank screen when you logon.

 

Set the RAM to 4GB at the very minimum. (This is just a demo env for upgrade)

 

### Repeat the same on all the instances of PAM

 

Power on the PAM Server

Logon to PAM

 

FYI. The 2nd HDD would not be visible to PAM GUI.

 

Check the Session Recording network folder is mounted correctly.

Again, you cannot migrate if you cannot mount or if it is not available.

Try using IP Address if the hostname does not work.

 

Copy the payload file to the Session Recording Network Shared folder.

 

 

Extract the Migration Patch file

 

Apply the Migration Patch

 

PAM Server will reboot

 

If you have access to the VMWare Console, you can see the following. If not, you will have to patiently wait.

 

It will stay at the following screen for some time.

Wait for couple of minutes and do not power off or reset.

 

You will later see it booting and the version would show 3.0.0

And the 2nd HDD would be used.

 

It is at Phase 2

 

It will again spend some time at the following screen.

You can see the payload file is being extracted and deployed.

 

Now almost at the end.

 

Reboot

 

You can already see it is at Phase 3.

 

And finally it shows the new screen and the wording has changed from "xceedium" to "CA PAM"

 

Close all PAM Clients and launch a new instance.

Connect to PAM server.

 

 

You should be able to confirm the version from sysinfo as well.

 

You can power off the PAM server and discard the 2nd HDD.

 

Next Article is PAM Upgrade from 3.0.0 to 3.0.2 and 3.1.1 

Logon to support.ca.com and navigate to product page and select "Privileged Access Management".

Click on the "LATEST MAINTENANCE RELEASES"

 

Click on "CA Privileged Access Manager"

Download "CAPAM_2.8.4.1.p.zip"

 

Apply to PAM 2.8.x for upgrade as any other Patches.

 

But before that, check the following.

  1. VMWare Snapshot is taken.
  2. DB Backup is made (to external file system)
  3. Cluster is turned off

 

 

Next Article is PAM Upgrade from 2.8.4.1 to 3.0.0 

In case if there are any people who are interested, following is a screenshot of Fostex TH-X00 Ebony after detachable cable mod.

 

 

Items used:

MMCX panel mount Jack with nut and solder cup | eBay 

40PCS Dupont 10CM Male To Female Jumper Wire Ribbon Cable for Arduino New Fsp | eBay 

1.2m Professional MMCX Silver Plating Upgrade Cable for Shure Interface Earphone | eBay 

 

Idea from AT Khan at Head-Fi.org