My Favorites

Close

Please to see your favorites.


Rexec package offline after updating to 3.2.0.1 on Windows 2008 R2

This document (7022120) is provided subject to the disclaimer at the end of this document.

Environment

Privileged Account Manager 3.2.0.1
Microsoft Windows 2008 R2
Microsoft Windows 2008 R2 SP1

Situation

Session audits are not being captured on Windows 2008 R2 after updating to PAM 3.2.0.1
Rexec package status is registered, but offline
The update was previously installed successfully according to the Hosts Console Package Update
The following appears in the PAM Agent's unifid.log on the Windows server:
Error, init_audit line: 1720 rv=720006:The handle is invalid. 
Error, NPUM driver is not initialized. Try restarting NPUM service or system restart.
Error, Failed to load module rexec: Unknown error

Resolution

PAM 3.2.0.1 requires at least Microsoft Windows 2008 R2 SP1 with Microsoft Security Advisory 3033929 Security Patch to support SHA-2 code signing. We recommend keeping Microsoft Windows on the latest security patches, which would avoid this particular issue.

After Windows has successfully been updated to the latest security patches or at least the requisite one mentioned above, please restart the server so the rexec module can start successfully.

Cause

Microsoft Windows needs to be able to verify the signature of PAM kernel drivers' SHA2 certificate.

Additional Information

For more details regarding this prerequisite Microsoft Security Patch, please refer to the following:

Microsoft Security Advisory 3033929
Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
https://technet.microsoft.com/en-us/library/security/3033929.aspx
https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=35b0920d-d4aa-48b9-bc23-bbd97afbd849

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7022120
  • Creation Date:17-OCT-17
  • Modified Date:17-OCT-17
    • NovellPrivileged Account Manager (Privileged User Manager)

Did this document solve your problem? Provide Feedback