PAM Proxy Stopped Working for Windows 2008 / 7

Document ID : KB000124380
Last Modified Date : 11/01/2019
Show Technical Document Details
Issue:
The PAM Proxy was previously working. It has recently stopped working for Windows 2008 & 7 Target Devices but still works on other devices. Reviewing the Proxy Server, the Proxy service is running properly and the Proxy log shows that there are some errors like the examples below when connecting to the Target Device to validate/rotate the password. The Tomcat logs may also show these errors. Checking the Target Device all RPC related services are properly running and required Proxy settings are correct.

Example errors noted with this problem:
6-ERROR_INVALID_HANDLE
1722-RPC_S_SERVER_UNAVAILABLE
1326-ERROR_LOGON_FAILURE
Environment:
Windows Proxy
Windows 2008 or 7 Target Device
Cause:
This may be caused by a problem with specific Windows Updates that appear to be causing issues on the Windows side with file share access. This problem in turn effects the Proxy's ability to validate & rotate credentials.

Windows 2008: https://support.microsoft.com/en-us/help/4480960/windows-server-2008-kb4480960
Windows 7: https://support.microsoft.com/en-us/help/4480970/windows-7-update-kb4480970
Resolution:
Remove the effected Windows Update (KB4480970 / KB4480960) to resolve this problem.