A2A client failed to connect to PAM server

Article Id: 104203
Status: Published
Updated On: 03-07-2018 23:28
Products:
CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager (PAM) , CA Privileged Access Manager (PAM)
Issue/Introduction:

I have installed A2A client successfully but noticed it doesn't connect to PAM server. There is no firewall between A2A machine and PAM server. I can confirm cspmclientd process is listening on TCP/28888 port on A2A machine and from PAM Client's Credentials > Manage A2A > Clients page I can see the A2A machine is listed but the Version is shown as 0.0.0 and Connection Status icon is orange color.

<Please see attached file for image>

A2A Client Connection Status is Orange in PAM UI
The following error is seen in $CSPM_CLIENT_HOME/cspmclient/log/cspm_client_log.txt file.

FINE: Fri June 29 09:47:55.600 AEST 2018 XmlStreamHandlerForKeyMgm::characters. Server returns: errorCode 401
FINE: Fri June 29 09:47:55.601 AEST 2018 XmlStreamHandlerForKeyMgm::characters. Server returns: errorMessage PAM-CM-0567: Failed to authenticate with the Password Authority service.
INFO: Fri June 29 09:47:55.635 AEST 2018 XmlStreamHandlerForKeyMgm::endDocument. Completed XML  parsing
WARNING: Fri June 29 09:47:55.635 AEST 2018 ClientService::loginToCSPMServer. !ks.login(this)
WARNING: Fri June 29 09:47:55.635 AEST 2018 ClientService::loginToCSPMServer. Failed to perform CSPM Server login

Cause:

A2A client of PAM 3.2 version, i.e. version 4.15.0, is installed and it doesn't communicate well to PAM 3.0.3 due to incompatibility.

Environment:

PAM 3.0.3
A2A client is installed on RHEL 7.x machine

Resolution:

From CA Support Online Download Center download A2A client of PAM 3.0.1 version, i.e. version 4.13.1. Uninstall A2A client version 4.15.0 and install 4.13.1 instead.

insert_drive_file 1558700187067000104203_sktwi1f5rjvs16k02.png
arrow_downward Download