search cancel

A2A client reports Error code 401 on a Password Retrieval request (due to NATed servers)

book

Article ID: 253901

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A2A client reports "error code 401" encountered on Password Retrieval requests.

Catalina logs shows the error below:
com.cloakware.cspm.server.app.impl.GetScriptCredentialsCmd.getScriptAuthorization GetScriptCredentialsCmd.getScriptAuthorization could not find script auth.

 

Environment

Release : All supported PAM releases

Cause

For the given IP address a required script authorization mapping cannot be located in PAM's database.

 

 

Resolution

Customer had applied NATing on the servers that observed this issue. Once NATing was removed then both the errors were eliminated, one in catalina logs (getScriptAuthorization could not find script auth) and other ("error code 401") in A2A client logs. Essentially removing NATing resolved the issue and A2A's Password Retrieval was successful.

Additional Information

During Password Retrieval processing, PAM first retrives a A2A client record from its database. PAM uses Server ID and Fingerprint and  Hostname for this retrieval. If PAM cannot find any record  by these means in its database then PAM returns this error -getScriptAuthorization could not find script auth