SPS Error when launching RDP Sessions

Hi,

We are on an OnPrem environment at version 7.5.0.

when using PAM (both SPP and SPS) it happens that sometimes (not always) sessions don't work.

SPS returns a "Gateway Authentication failed" error.

Checking the logs, the specific error is as follows:

[...]Reason: (BadRequest) {\"Code\":90139,\"Message\":\"The new session must be initialized before action 'AuthenticateSession' can be invoked.\",\"InnerError\":null} Call failed with status code 400 (Bad Request): POST [...]AccessRequests/AuthenticateSession".

The temporary "solution" we found to solve this is to check the session in on SPP and then request it again.

Do you know why and what could possibly cause this error?

Thank you,

Simone

  • Hi,

    Does this happen to specific target assets or all assets?

    We had a case facing these errors where the issue was related to the target system not having the CVE-2018-0886 patches installed 

    Thanks!

  • Hi Tawfiq,

    it does happen for every server that is not a DC.

    Also, the specified patch has been installed already on the servers where there is the problem.

    Is there any other suggestion?

    Thank you

  • If you can reproduce the issue, when the error occurs next time, do the following to verify if the problem access request appears on all SPP nodes or if access request is missing from one of the SPP nodes:

    Do not check-in the problem access request for now

    Login to each SPP node in the cluster directly using IP address for example (with the username having the issue) and check if the problem access request appears under My Requests for that user from each SPP node?

    If the access request seems to be missing from a specific SPP node then that particular SPP node could be having an issue where the access request is not replicating to it and causing this intermittent issue because SPS will interact with any SPP node and if SPS lands on the SPP node that is missing the access request then this error happens.

    In that case you would have to Unjoin that SPP node (which is missing the access request \ having an issue replicating access requests) and rejoin it back to the cluster which should correct the issue.

    Thanks!

  • Hi Tawfiq,

    i have checked the History from the Reports Activity Center.

    The session is present on all 3 nodes, so i exclude that the problem is related to this.

    Should it be something that the support has to investigate?

    Thank you

  • I would still verify it the way I mentioned earlier (Not using Activity Center) because the audit log events are synced in the cluster and do not show the problem.

    Support may suggest you to upgrade to latest available release first and if issue persists then reproduce the gather support bundles from all SPP and SPS nodes which is another option for sure.

    Thanks!

  • Hi Tawfiq,

    ok then, we will check once the problem is faced again.

    I will let you know.

    Thank you!

  • Hi Tawfiq,

    we just replicated the error.

    The session was present on all 3 nodes but neither of them let the user connect to the server.

    It seems almost like it happens on the first attempt of connection, after that everything works.

  • I would try in a (Scheduled change window) to unjoin the Replicas (One at a time) and rejoin it again to see if that helps at all?

    Then, I would upgrade to latest 8.0 LTS (requires upgrading license to v8 as well) and check if any issues persist 

    If issues persist after above then we will need to investigate the logs via a support service request

    Thanks!