We have Enabled the use case of A2A Powershell. But, when we enable the 'GetScript Hash' from the Credentials --->Manage A2A -->Script and also enabled the Credentials ----> Manage A2A ---> Mapping 'Perform Script Integrity Validation'.

Next at the A2A client end if three is a change in the script, then still If we pass the execution path it is showing code 400 as a success.

Below is the snippet from the A2A client log

Client Daemon Event Log:
WARNING:  ClientDaemonManager::main. Cache file: c:\cspm\cloakware\cspmclient\config\data\.cspmclient.dat has been invalidated.
WARNING:  ApplicationCSPM::initAppConfig. CPA Client is in FIPS mode
WARNING:  ClientService::loginToCSPMServer. start
WARNING:  ClientService::loginToCSPMServer. done

Release: 3.3.x

A2A Client is on Windows 2016 server.

Component: PRIVILEGED ACCESS MANAGEMENT

This is caused due to the incorrect version of A2A client being deployed to communicate with the CA PAM server. 

The CA PAM server and A2A client should be the same version, the A2A client can be 32 bit or 64 bit depending upon the version of the A2A client operating system bit level.

Deploying the correct version of A2A client matching the CA PAM server version will resolve the problem and the proper return codes are visible if the A2A script is modified.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4/introduction/credential-manager-overview/application-to-application-a2a-credential-management.html