We have a PAM cluster with a VIP FQDN that connects to a cluster node through an external load balancer. When we use the VIP FQDN in a browser to access PAM and get connected to one of the cluster nodes, access methods work as expected, but when the load balancer connects us to the other node, they don't, and just hovering over an RDP access link shows no local drives under "Drive Mapping:".
The CA PAM client log shows error messages similar to the following:
liveconnect: The html source is on the ESL or covered by a DRS run rule, however the jar's Caller-Allowable-Codebase attribute exists and does not include this source
liveconnect: Security Exception: JavaScript from https://<PAM VIP FQDN>/conn/wUP.php?PHPSESSID=882298535810c51041b09b8e9c87bcd1 attempted to access a resource it has no rights to.
When we connect to the node directly using its host name, there is no problem.