Symantec Privileged Access Management

  • 1.  Cannot access to PAM after converted from VMware Workstation to ESXi

    Posted May 09, 2017 06:09 AM

    Hello

    Our partner has converted our DoD PAM machine from VMware Workstation to ESXi 6.5 in order to show a demo to a customer

     

    Machine starts correctly (we see the initial PAM menu) but when they try to connect to PAM by Web or PAM client they are not able to work with.

    For example, working with Internet Explorer they get the message:

     

    This page can't be displayed 

    * Make sure the web address https://172.17.17.222 is correct

    * Look for the page with your search engine

    * Refresh the page in a few minutes

     

    It's possible to ping that machine. between the 2 machine there is not firewall

     

    Any suggestions ?

    Thank you

    Giovanni



  • 2.  Re: Cannot access to PAM after converted from VMware Workstation to ESXi

    Broadcom Employee
    Posted May 09, 2017 09:10 AM

    Hi Giovanni, If this procedure resulted in a change of the network interfaces, number of interfaces or MAC addresses for the interfaces, the web service will be blocked due to a license mismatch. There would be no recovery. Such a move/conversion has to be prepared for with the help of support.



  • 3.  Re: Cannot access to PAM after converted from VMware Workstation to ESXi

    Broadcom Employee
    Posted May 09, 2017 09:16 AM

    I should clarify: If you happened to have remote access (SSH port 22) enabled before the conversion, and it is open now for the new VM, we would be able to address the problem.



  • 4.  Re: Cannot access to PAM after converted from VMware Workstation to ESXi

    Posted May 09, 2017 09:28 AM

    Ssh was not enabled but I could ask to enable on the workstation image and to convert it again

    Please let me know how to enable ssh from Pam

     

    Thank you 



  • 5.  Re: Cannot access to PAM after converted from VMware Workstation to ESXi

    Broadcom Employee
    Posted May 09, 2017 09:35 AM

    Hi Giovanni

     

    The remote ssh access can be enabled by going to Config and therein Diagnostics, then click on the Turn on Remote Diagnostics to enable it.

    However, please bear in mind to access that we need to install a ssh debug patch and use a key. Direct access is not possible, even if enabling ssh.

    The best possible course of action in this case would be to open a case explaining your need and we can try it from there or, as Giovanni has mentioned, do whatever change without changing the number of interfaces and mac addresses

    Hope to have helped



  • 6.  Re: Cannot access to PAM after converted from VMware Workstation to ESXi

    Broadcom Employee
    Posted May 09, 2017 10:25 AM

    Giovanni, If you still need to complete this your best method would be to install a fresh new Pam device on ESXi. Licence the new device with the same specifications as the DoD image Patch to the same release as on the DoD. Then restore the configuration and the database from the DoD machine.  This should give you all the same details as the original image.

    In certain circumstances a VM image can be moved from one host to another but care has to be taken to ensure the hardware IDs associated with that image have not changed. Doing exports and imports of VMs is not generally a supported method of migrating an image and is never supported as a method of cloning or creating multiple licensed copies of the same CA PAM image.

    Please let us know if this makes sense or if additional feedback is required. If you cannot recover the original image at all and you need to be able to recover the database or configuration backups please contact support and we can help to recover this from the non functioning image.



  • 7.  Re: Cannot access to PAM after converted from VMware Workstation to ESXi

    Posted May 09, 2017 11:05 AM

    I asked to partner to install a new PAM from scratch

    In any case it should be nice to have the detailed procedure to enable SSH on the PAM Machine

     

    Thank you

    Giovanni