ESx Account Management - Invalid Request

book

Article ID: 102279

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

PAM Version 3.2 - Perform multiple credential changes from Target Account Screen (Generate new Credential -> Save). Rotations would succeed 4 our of 5 times, but periodically there is an error of Invalid Request and the account does not rotate and goes out of sync.  The account will verify and then when generating a new credential it will succeed. 

Cause

The problem was caused by a special character, &, which happened to be included in every 4th or 5th new generated password. The character is not accepted by the ESX target server.

Environment

PAM 3.2

Resolution

Remove any character not accepted by the target device from the Password Composition Policy associated with the target application for the problem target accounts.