PAMSC Policy doesn't deploy - ERROR: '{0}''{1}' is not finalized
Article ID: 261531
Updated On: 10-16-2023
Products
Issue/Introduction
When trying to deploy a policy in OnePAM, the policy is stuck as queued. Running these same commands manually works fine, but the following error is observed when trying to deploy from the PAM GUI.
ERROR: '{0}' '{1}' is not finalized.
The policy remains in the queue only and does get deployed.
Error Message:
Environment
Privileged Access Manager 4.1
Cause
Once the PAM sends the deployment script details to endpoint, the endpoint will try to validate/deploy the script. If any errors occur during the validation/deployment time the endpoint will send the error code and error parameters back to PAM.
e.g. If the deploy script contains the following invalid text "invalid_script_command"
Then the endpoint will send the editres DEPLOYMENT ("1234567890#e1dd2345-1a2c-123f-1a2e-123cca456efa") result+('9993!$!invalid_script_command') in this 9993 is the error code and invalid_script_command is the error parameter.
However, in this case of the above deployment, the endpoint is sending only the error code but not the error parameters.
editres DEPLOYMENT ("987654321#9bff8ca7-65ae-4f32-a198-76eb54fb3219") result+('36972') as PAM is not received any error parameters in the response we are displaying the message as is.
In this deployment, since the policy is containing single quotes the validation is failing.
Resolution
Policy script can't contain any single quotes. We can see that the sample script used in this deployment contains single quotes. We need to use double quotes for the script.
e.g:
Deploy Script:
er specialpgm ("C:\Windows\system32\conhost.exe") pgmtype(kill)
er specialpgm ("C:\Program Files\CA\PAMSC\bin\AgentManager.exe") pgmtype(kill)
UnDeploy Script:
rr specialpgm ("C:\Windows\system32\conhost.exe")
rr specialpgm ("C:\Program Files\CA\PAMSC\bin\AgentManager.exe")
Feedback
