PAM CLI Command addTargetApplication fails


Article ID: 126429


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


The addTargetApplication CLI command fails, even though the example in the documentation is followed.  Here is the syntax being used:
capam_command capam=<> adminUserId=super cmdName=addTargetApplication TargetServer.hostName=<><> "TargetApplication.type=Windows Remote"<>

Here is the error that appears:
Error Message : 0 1 PAM-CM-0536: Application error occurred. An error occurred while executing the command: addTargetApplication

The Application type is "windows remote" and all other fields, like target server hostname, password policy, are the same as what as what is defined in PAM.


Component: CAPAMX


There are a couple of problems with the call that was issued, and the documentation that led to misinterpretation of how to specify the options.  The addTargetApplication command expects the TargetServer.hostName parameter to specify the value in the Address field on the Device page, not the Name field.  The second problem is that the value provided by the command is not correct.  The actual string is windowsRemoteAgent.  This was determined by manually creating a Windows Remote application and executing the searchTargetServer command

You can execute the CLI commands via a browser by setting up as follows:
https://<your PAM address>/cspm/servlet/adminCLI?adminUserID=<your admin user>&adminPassword=<&cmdName=searchTargetServer&TargetServer.hostName=<value of address field on device page>

For this issue there are a couple of useful commands:
https://<your PAM address>/cspm/servlet/adminCLI?adminUserID=<your admin user>&adminPassword=<your admin password>&cmdName=searchTargetApplication&TargetServer.hostName=<address from Device page for the device to which the application was manually added>

Search the content that is returned for the name of the application you manually created.  Just after the name you will see the actual string.  For a Windows Remote application this will be windowsRemoteAgent.  The documentation should include the correct strings to use, and does for some application types.  This is being addressed with the documentation team, but for now use this technique for any that are not listed.

To add a Windows Remote application you can use the following:
https://<your PAM address>/cspm/servlet/adminCLI?adminUserID=<your admin user>&adminPassword=<your admin password>&cmdName=addTargetApplication&TargetServer.hostName=<address from Device page for the device to which the application was manually added>&