Password Authority: Windows Proxy Target Application type does not show the proxy server selected

Document ID : KB000008951
Last Modified Date : 23/03/2018
Show Technical Document Details
Issue:

This is a known issue from Password Authority and is fixed in Privileged Access Management. 

- We found some Proxy target Applications with empty proxies. The selected proxies are empty. 

But the accounts are getting verified. 

- If we search via CLI tool for the target applications where the type is the Windows Proxy, then we see the agentID (proxy server) assigned. 

 

 

Environment:
Password Authority 4.5.3.7 version Password Authority 4.5.3.10 version
Cause:

This is a known bug. 

The Available Proxies list, on the Windows Proxy Target Connector, is limited to 1,000 proxies. If I have more then I am unable to select a proxy if it is not in the top 1,000. 

This known behaviour is fixed in the integration of PA in PAM .

Resolution:

- Remove unusefull proxy server up to get the agent installed up to 1000 machines.

or

-Work with the RemoteCLI as workaround:

Below are the commands that you can use with the RemoteCLI:

Use this command to search for the proxy target applications

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetApplication.type=windows 

or search by hostname

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetServer.hostName=<Hostname> 

or search by hostname and application type

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchTargetApplication TargetApplication.type=windows TargetServer.hostName=<Hostname>

 

You will get the target application information. One of the values is the Attribute.agentId, which is the Windows Proxies ID used to manage passwords.

The agentid is the requestserverid in the requestserver table. 

 

The following query will let you know the proxy server details that is selected in the Target Application

capam_command  UserID=<PA username> capam=<PA IP> cmdName=searchRequestServer RequestServer.ID=<agentid>

********

If you are working with Password Authority and you have access to the Database, you can just execute the queries.

These are basic queries. You can customize it to your convenience. 

Query to list the agentID of all the proxy servers assigned to the proxy target applications. 

select value from attribute where hash in (select hash from TargetApplication where type='windows') and deleted=0 and name='agentID';

Query to know the proxy hostname, ip and port:

select * from requestserver where requestserverid = <attribute.value>;

Note: requestserver.requestserverid is a numeric type while the attribute.value is a varchar(max). If there's more than a proxy selected in a target application, the "value" column will include both requestserverids in the field, followed by a comma.

********

Additional Information:

Prepare to use the RemoteCLI:

https://docops.ca.com/ca-privileged-access-manager/2-8-1/EN/programming/credential-manager-apis/prepare-to-use-the-credential-cli-and-java-api

 

Install and Configure the RemoteCLI:

https://docops.ca.com/ca-privileged-access-manager/2-8-1/EN/programming/credential-manager-apis/use-the-credential-manager-cli/install-and-configure-the-credential-management-cli