A2A issue obtaining script hash and error 437

Article ID: 102853

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM end user is attempting to use the A2A client, connected to PAM, on a Windows server.
However, they cannot obtain the hash for a particular application (java.exe).

The application hash is blank. On the server, every attempt to retrieve a password fails with error 437 (Security exception. Data tampering detected. Request denied.); this happens for all attempts to retrieve credentials.

The cspm_client_log shows the following errors:

ScriptService::doGet. errorCode: 437, accountId: null, password: null, XML block length: 0 

and:

PAM-CM-0603: Security exception. Data tampering detected. Request denied.. Key is empty 
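
A log-triage sketch for the two cspm_client_log messages quoted above, added here as an example and not part of the original article or the product. It assumes the messages appear as substrings of each log line (any prefix is ignored); the names triage and redact and the third sample line are constructed for illustration, and masking the password field is a precaution, not a statement about what the agent logs.

```python
import re

# Patterns are built only from the two messages quoted in this article.
DOGET = re.compile(
    r"ScriptService::doGet\. errorCode: (?P<code>\d+), accountId: (?P<account>[^,]*), "
    r"password: .*, XML block length: (?P<xml_len>\d+)"
)
TAMPER = re.compile(r"PAM-CM-0603: .*?Request denied\.+\s*(?P<detail>.*\S)?")

# Constructed sample: the two lines from the article plus one unrelated line.
SAMPLE = [
    "ScriptService::doGet. errorCode: 437, accountId: null, password: null, XML block length: 0 ",
    "PAM-CM-0603: Security exception. Data tampering detected. Request denied.. Key is empty ",
    "constructed unrelated line: agent heartbeat ok",
]

def redact(line):
    """Mask the password field before a line is pasted into a support case."""
    return re.sub(r"(password: ).*?(, XML block length)", r"\1<redacted>\2", line)

def triage(lines):
    """Count error 437 evidence; the password field is matched but never stored."""
    summary = {"doget_437": 0, "empty_xml": 0, "pam_cm_0603": 0, "key_empty": 0}
    for line in lines:
        m = DOGET.search(line)
        if m and m["code"] == "437":
            summary["doget_437"] += 1
            summary["empty_xml"] += m["xml_len"] == "0"
        t = TAMPER.search(line)
        if t:
            summary["pam_cm_0603"] += 1
            summary["key_empty"] += (t["detail"] or "") == "Key is empty"
    # Both signatures together match the symptom this article resolves.
    summary["matches_article"] = bool(summary["doget_437"] and summary["key_empty"])
    return summary

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(redact(SAMPLE[0]))
```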

Environment

Applies to any supported PAM release

Cause

Request For Information (RFI)

Resolution

  1. Stop the A2A Agent
  2. Remove the Agent's cache file: <X>:\cspm\cloakware\cspmclient\config\data\.cspmclient.dat
  3. In PAM UI >> Credentials >> Manage A2A >> Clients >> "A2A Agent Hostname" >> click "Change Key"
  4. In PAM UI >> Devices >> "A2A Agent Hostname" >> Basic Info >> A2A section >> unselect "Active"
  5. Start the A2A Agent Service on the Server in question
  6. In PAM UI >> Devices >> "A2A Agent Hostname" >> Basic Info >> A2A section >> select "Active"
  7. Validate that the <X>:\cspm\cloakware\cspmclient\config\data\.cspmclient.dat was recreated.
  8. In PAM UI >> Credentials >> Manage A2A >> Clients >> "A2A Agent Hostname" >> click "Get All Script Hash"
  9. Then in the PAM UI >> Credentials >> Manage A2A >> Scripts >> (Application) >> Hash should be listed

Additional Information

In some cases where you get a 437 error, it may be sufficient to perform steps 3 and 8. You can try that first, then use the "Check Connection Status" button to verify that PAM can communicate with the A2A client, and then try an A2A call again. If it works, you don't need to go through the full procedure.