• State Not Answered
  • Replies 8 replies
  • Subscribers 28 subscribers
  • Views 583 views
  • Users 0 members are here
Options
Related

SPS Error when launching RDP Sessions

simone tabacchi
3 months ago

Hi,

We are on an OnPrem environment at version 7.5.0.

when using PAM (both SPP and SPS) it happens that sometimes (not always) sessions don't work.

SPS returns a "Gateway Authentication failed" error.

Checking the logs, the specific error is as follows:

[...]Reason: (BadRequest) {\"Code\":90139,\"Message\":\"The new session must be initialized before action 'AuthenticateSession' can be invoked.\",\"InnerError\":null} Call failed with status code 400 (Bad Request): POST [...]AccessRequests/AuthenticateSession".

The temporary "solution" we found to solve this is to check the session in on SPP and then request it again.

Do you know why and what could possibly cause this error?

Thank you,

Simone

  • 0 3 months ago

    Hi,

    Does this happen to specific target assets or all assets?

    We had a case facing these errors where the issue was related to the target system not having the CVE-2018-0886 patches installed 

    Thanks!

  • 0 3 months ago in reply to Tawfiq.Ahmad

    Hi Tawfiq,

    it does happen for every server that is not a DC.

    Also, the specified patch has been installed already on the servers where there is the problem.

    Is there any other suggestion?

    Thank you

  • 0 3 months ago in reply to simone tabacchi

    If you can reproduce the issue, when the error occurs next time, do the following to verify if the problem access request appears on all SPP nodes or if access request is missing from one of the SPP nodes:

    Do not check-in the problem access request for now

    Login to each SPP node in the cluster directly using IP address for example (with the username having the issue) and check if the problem access request appears under My Requests for that user from each SPP node?

    If the access request seems to be missing from a specific SPP node then that particular SPP node could be having an issue where the access request is not replicating to it and causing this intermittent issue because SPS will interact with any SPP node and if SPS lands on the SPP node that is missing the access request then this error happens.

    In that case you would have to Unjoin that SPP node (which is missing the access request \ having an issue replicating access requests) and rejoin it back to the cluster which should correct the issue.

    Thanks!

  • 0 3 months ago in reply to Tawfiq.Ahmad

    Hi Tawfiq,

    i have checked the History from the Reports Activity Center.

    The session is present on all 3 nodes, so i exclude that the problem is related to this.

    Should it be something that the support has to investigate?

    Thank you

  • 0 3 months ago in reply to simone tabacchi

    I would still verify it the way I mentioned earlier (Not using Activity Center) because the audit log events are synced in the cluster and do not show the problem.

    Support may suggest you to upgrade to latest available release first and if issue persists then reproduce the gather support bundles from all SPP and SPS nodes which is another option for sure.

    Thanks!

  • 0 3 months ago in reply to Tawfiq.Ahmad

    Hi Tawfiq,

    ok then, we will check once the problem is faced again.

    I will let you know.

    Thank you!

  • 0 3 months ago in reply to simone tabacchi

    Hi Tawfiq,

    we just replicated the error.

    The session was present on all 3 nodes but neither of them let the user connect to the server.

    It seems almost like it happens on the first attempt of connection, after that everything works.

  • 0 2 months ago in reply to simone tabacchi

    I would try in a (Scheduled change window) to unjoin the Replicas (One at a time) and rejoin it again to see if that helps at all?

    Then, I would upgrade to latest 8.0 LTS (requires upgrading license to v8 as well) and check if any issues persist 

    If issues persist after above then we will need to investigate the logs via a support service request

    Thanks!