A2A issue obtaining script hash and error 437

Article Id: 102853
Status: Published
Updated On: 25-06-2018 06:40
Products:
CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager (PAM) , CA Privileged Access Manager (PAM)
Issue/Introduction:

PAM End User is attempting to use the A2A client, connected to PAM, on a Windows server.
However they cannot obtain the hash for a particular application (java.exe).

The application hash is blank.  On the Server when they attempt to retrieve a password they get error 437 (Security exception. Data tampering detected. Request denied.) for all attempts to retrieve credentials.

In cspm_client_log they get the following errors: 

ScriptService::doGet. errorCode: 437, accountId: null, password: null, XML block length: 0 

and:

PAM-CM-0603: Security exception. Data tampering detected. Request denied.. Key is empty 

Environment:

A2A Agent 4.14.1

Resolution:

  1. Stop the A2A Agent 
  2. Remove the Agent's cache file: 
<X>:\cspm\cloakware\cspmclient\config\data\.cspmclient.dat 
  1. In PAM UI >> Credentials >> Manage A2A >> Clients >> "A2A Agent Hostname" >> click "Change Key"
  2. In PAM UI >> Devices >> "A2A Agent Hostname" >> Basic Info >> A2A section >> unselect "Active" 
  3. Start the A2A Agent Service on the Server in question 
  4. In PAM UI >> Devices >> "A2A Agent Hostname" >> Basic Info >> A2A section >> select "Active" 
  5. Validate that the <X>:\cspm\cloakware\cspmclient\config\data\.cspmclient.dat was recreated. 
  6. In PAM UI >> Credentials >> Manage A2A >> Clients >> "A2A Agent Hostname" >> click "Get All Script Hash" 
  7. Then in the PAM UI >> Credentials >> Manage A2A >> Scripts >> (Application) >> Hash should be listed