ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

PAM-CM-3455: No Password Authority Windows Proxy specified

book

Article ID: 132595

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

The addTargetApplication CLI command is not working correctly for the “windows” application type, which is used for Windows Proxy target applications. We are not able to set multiple values for attributes - Attribute.dnsServer and Attribute.agentId using a comma separated list as documented at https://docops.ca.com/ca-privileged-access-manager/3-2-4/en/implementing/protect-privileged-account-credentials/identify-target-applications-and-connectors/add-a-windows-proxy-connector/windows-proxy-target-connector-cli-configuration.
Using the Remote CLI on Windows, we get the following error:
>capam_command capam=<pamserver FQDN> adminUserID=super cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer=10.10.10.111,10.10.10.112 Attribute.agentId=1001,1002
Enter password:
 <CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>5052</cr.statusCode><cr.statusDescription>PAM-CM-3455: No Password Authority Windows Proxy specified.</cr.statusDescription><cr.result></cr.result></CommandResult>

Cause

On Windows comma-separated lists that are not put in quotes can result in command argument parsing problems.

Environment

PAM 3.2.4, but may be observed at other releases as well

Resolution

On Windows (cmd.exe) enclose attribute values with comma-separated lists in quotes, like this:

>capam_command capam=<pamserver> adminUserID=super adminPassword=<password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer="10.10.10.111,10.10.10.112" Attribute.agentId="1001,1002"

This is not necessary when using the remote CLI on UNIX/Linux. The following command will work just fine on a UNIX or Linux host:

# ./capam_command -n <pamserver> -u super -p <password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-UNIX TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer=10.10.10.111,10.10.10.112 Attribute.agentId=1001,1002


If you are using Power Shell on Windows, you need to put arguments with comma-separated lists into variables similar to the following:

> $DNSserverArg='Attribute.dnsServer="10.10.10.111,10.10.10.112"' 
> $PAMproxiesArg='Attribute.agentId="1001,1002"' 
> .\capam_command capam=<pamserver> adminUserID=super adminPassword=<password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN-PS TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS $DNSserversArg $PAMproxiesArg