search cancel

A2A client reports Error code 401 on a Password Retrieval request (due to NATed servers)


Article ID: 253901


Updated On:


CA Privileged Access Manager (PAM)


A2A client reports "error code 401" encountered on Password Retrieval requests.

Catalina logs shows the error below: GetScriptCredentialsCmd.getScriptAuthorization could not find script auth.



Release : All supported PAM releases


For the given IP address a required script authorization mapping cannot be located in PAM's database.




Customer had applied NATing on the servers that observed this issue. Once NATing was removed then both the errors were eliminated, one in catalina logs (getScriptAuthorization could not find script auth) and other ("error code 401") in A2A client logs. Essentially removing NATing resolved the issue and A2A's Password Retrieval was successful.

Additional Information

During Password Retrieval processing, PAM first retrives a A2A client record from its database. PAM uses Server ID and Fingerprint and  Hostname for this retrieval. If PAM cannot find any record  by these means in its database then PAM returns this error -getScriptAuthorization could not find script auth