A2A: Server rejected client login with errorCode 401. Possible cause: db file, .cspmclient.dat is out of synch with the Server
Article ID: 100694
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
Having issues with a script that is failing to pass the password authentication.
The A2A client logs say: Server rejected client login with errorCode 401. Possible cause: db file, .cspmclient.dat is out of synch with the Server
The A2A client logs say: Server rejected client login with errorCode 401. Possible cause: db file, .cspmclient.dat is out of synch with the Server
Environment
PAM: 3.4.x, 4.0.x, 4.1.x
Cause
It is possible that this client has pointed to a different PAM server in the past. That would put the digest key stored in the client cache file (.cspmclient.dat) out of sync with the PAM server.
Resolution
Try this first from PAM to update the A2A Client key:
1.Select Credentials, Manage A2A, Clients. The Client List page appears.
2. Select the server where the A2A client is installed and select VIEW. The Client Details page appears.
When the A2A client is not reachable from the site server, you must log into the site where the A2A client is registered.
3. Select the Change Key button.
If there is a problem with the above procedure, then try this:
1. Check the cspm_client_config.xml is pointing to the PAM server in the <cspmserver> tag.
/opt/cloakware/cspmclient/config/cspm_client_config.xml
2. Remove the cache file. It will get recreated.
cd /opt/cloakware/cspmclient/config/data
remove .cspmclient.dat file.
Do not remove the other key files in this directory, just the .cspmclient.dat file.
Restart the cspmclient daemon.
It should establish a new key with the server.
1.Select Credentials, Manage A2A, Clients. The Client List page appears.
2. Select the server where the A2A client is installed and select VIEW. The Client Details page appears.
When the A2A client is not reachable from the site server, you must log into the site where the A2A client is registered.
3. Select the Change Key button.
If there is a problem with the above procedure, then try this:
1. Check the cspm_client_config.xml is pointing to the PAM server in the <cspmserver> tag.
/opt/cloakware/cspmclient/config/cspm_client_config.xml
2. Remove the cache file. It will get recreated.
cd /opt/cloakware/cspmclient/config/data
remove .cspmclient.dat file.
Do not remove the other key files in this directory, just the .cspmclient.dat file.
Restart the cspmclient daemon.
It should establish a new key with the server.
Feedback
Yes
No
Powered by
