A2A client failed to connect to PAM server

book

Article ID: 104203

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

I have installed A2A client successfully but noticed it doesn't connect to PAM server. There is no firewall between A2A machine and PAM server. I can confirm cspmclientd process is listening on TCP/28888 port on A2A machine and from PAM Client's Credentials > Manage A2A > Clients page I can see the A2A machine is listed but the Version is shown as 0.0.0 and Connection Status icon is orange color.

 


The following error is seen in $CSPM_CLIENT_HOME/cspmclient/log/cspm_client_log.txt file.

FINE: Fri June 29 09:47:55.600 AEST 2018 XmlStreamHandlerForKeyMgm::characters. Server returns: errorCode 401
FINE: Fri June 29 09:47:55.601 AEST 2018 XmlStreamHandlerForKeyMgm::characters. Server returns: errorMessage PAM-CM-0567: Failed to authenticate with the Password Authority service.
INFO: Fri June 29 09:47:55.635 AEST 2018 XmlStreamHandlerForKeyMgm::endDocument. Completed XML  parsing
WARNING: Fri June 29 09:47:55.635 AEST 2018 ClientService::loginToCSPMServer. !ks.login(this)
WARNING: Fri June 29 09:47:55.635 AEST 2018 ClientService::loginToCSPMServer. Failed to perform CSPM Server login

Cause

A2A client of PAM 3.2 version, i.e. version 4.15.0, is installed and it doesn't communicate well to PAM 3.0.3 due to incompatibility.

Environment

PAM 3.0.3
A2A client is installed on RHEL 7.x machine

Resolution

From CA Support Online Download Center download A2A client of PAM 3.0.1 version, i.e. version 4.13.1. Uninstall A2A client version 4.15.0 and install 4.13.1 instead.

Attachments

1558700187067000104203_sktwi1f5rjvs16k02.png get_app