Thick Client on Mac over VPN fails

Document ID : KB000100725
Last Modified Date : 28/06/2018
Show Technical Document Details
Issue:
A remote user downloaded the PAM client for MAC from our PAM 3.0.2 appliance login screen. The user is connected through a VPN. After installation the client does not start correctly. We see a process running for a while but no UI comes up.
Environment:
MAC desktop or laptop trying to run the PAM 3.0 client.
Cause:
The original PAM 3.0 client installer started an RMI server listening on the local IP. While working from home this would be a local IP assigned by the local router in the home network. This is a problem while connected to a VPN. The client log file, logs.log in the client installation directory, will show errors, similar to the following:
2018-06-01 14:25:15 ERROR - Starting application failed.     com.ca.Main [main]
java.rmi.ConnectException: Connection refused to host: 192.168.86.38; nested exception is: 
...
Caused by: java.net.ConnectException: Operation timed out (Connection timed out)
...
 
Resolution:
Newer PAM client versions include a change to have the RMI server listen on the loopback address only, which is all the client needs. You should not have this problem when running the latest release 3.2. The client jar files on a 3.0.2 PAM instance with recent patches also have the fix included. This allows for two workarounds:

1. Get the PAM Client 3.2 installer and install it on your MAC. It should launch. Connect to your PAM server. This will downgrade the PAM client with the jar downloaded from the PAM server, but it should still launch afterwards.
2. Install the PAM 3.0 client while working in the office with no VPN connection required. Connect to PAM at least once to have the client jars updated. Afterwards it should also launch while working from home.