search cancel

"AHD04400:Argument error" during user operation, with corresponding messages in the STDLOG indicating that a specific parameter value failed against the pattern and request will be rejected


Article ID: 4418


Updated On:


CA Service Management - Service Desk Manager CA Service Desk Manager


During a particular operation, the user that is logged into the CA Service Desk Manager GUI through the web browser, receives "AHD04400:Argument error".  Additionally, several messages are written to the STDLOG.

The messages written to the STDLOG are similar to the following messages:

sdm001 web:local 28275 ERROR session.c 5329 Parameter FAQ_WINDOW_NAME's value =(KT_FAQ_cr:418832),was failed against the pattern (AlphaNumericUnderScoreDot)

sdm001  web:local 28275 ERROR session.c 5330 Hence this web request will be rejected

sdm001  web:local 28275 ERROR session.c 4652 Error parsing cgi POST string "ENV_HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36&ENV_HTTP_COOKIE=loggedUser=uaq2uoh4kjetug7oTjGNdDvyJwREmOWeYTylRH7r7W4mm0XpCRYppE4XaUqP8Ovad436mB6zoRw=; FIDM_AUTH_SESSION_ID=SMS_defthw990cjweb_6ed905::21c28abd11fa1965cd27c417ee255e;; REF_FIDM_AUTH_SESSION_ID=SMS_defthw990cfweb_370d61::757987c3f2e1a9e4d9e8d782fb05975&ENV_DOCUMENT_ROOT=/var/www/html&[email protected]&ENV_REQUEST_METHOD=GET&ENV_REQUEST_URI=/CAisd/pdmweb.exe?SID=dJMuJuUo/P6i!W6kJMXHZrZk5Lht!SuuZwF0bqDLgU4NlLesfHpGleIu!/xOTWyh!cM7qL2EGQA=+FID=8319+OP=DISPLAY_FORM+HTMPL=kt_main2.htmpl+SD_LAUNCHED=cr:518832+LAUNCHED_ITIL=I+KCAT_REL_ID=+KCAT_REL_PATH=ZZ.Tools.SDM.FunctionalIssue+SD_CAT=pcat%253A2014670+FAQ_WINDOW_NAME=KT_FAQ_cr:518832+RELOAD_WIN=0+KEEP.IsPopUp=1+KEEP.POPUP_NAME=USD1477034583927+KEEP.use_role=1&ENV_SCRIPT_NAME=/CAisd/pdmweb.exe&SID=dJMuJuUo/P6i!W6kJMXHZrZk5Lht!SuuZwF0bqDLgU4NlLesfHpGleIu!/xOTWyh!cM7qL2EGQA=&FID=8319&OP=DISPLAY_FORM&HTMPL=kt_main2.htmpl&SD_LAUNCHED=cr:518832&LAUNCHED_ITIL=I&KCAT_REL_ID=&KCAT_REL_PATH=ZZ.Tools.SDM.FunctionalIssue&SD_CAT=pcat%3A2014670&FAQ_WINDOW_NAME=KT_FAQ_cr:518832&RELOAD_WIN=0&KEEP.IsPopUp=1&KEEP.POPUP_NAME=USD1477034583927&KEEP.use_role=1"


The value of a security parameter in the web.cfg of the corresponding webengine process is preventing a request that is underlying the operation from being processed due to the pattern of the value does not match the expected pattern for the parameter.

The name of the security parameter and corresponding value is specified in one of the messages that are written to the STDLOG.

For example, in the following message:

"sdm001 web:local 28275 ERROR session.c 5329 Parameter FAQ_WINDOW_NAME's value =(KT_FAQ_cr:418832),was failed against the pattern (AlphaNumericUnderScoreDot)"

the security parameter is "FAQ_WINDOW_NAME" and the value is "KT_FAQ_cr:418832". 

The pattern, "AlphaNumericUnderScoreDot", indicates that the value is expected to contain a dot character (".") in addition to alphanumeric characters and underscores.  The value is not expected to contain a colon (":")


CA Service Desk Manager 12.9, 14.1 and 17.x

All Supported Operating Systems


Modify the NX_ROOT\BOPCFG\WWW\web.cfg file that corresponds to the webengine named in the message. Search for all occurrences of the security parameter and confirm that the corresponding pattern is set according to what you require. 

In the case above, the webengine is "web:local".  Check the pdm_startup file that exists in the NX_ROOT\pdmconf directory to confirm the name of the corresponding web.cfg file.  The default web.cfg file is named "web.cfg".  For example, the following statement in pdm_startup shows that "web:local" webengine is associated with "web.cfg":

WEBENGINE(webengine, $NX_LOCAL_HOST, web:local, domsrvr, $NX_ROOT/bopcfg/www/web.cfg, "", "rpc_srvr:%h")

In the case above, if you want to allow values that do not contain a dot but that do contain a colon, change the following statement in the web.cfg from:

SecureParameter.FAQ_WINDOW_NAME AlphaNumericUnderScoreDot

to either:

SecureParameter.FAQ_WINDOW_NAME AlphaNumericUnderScoreColon


SecureParameter.FAQ_WINDOW_NAME AlphaNumericUnderScore

You should make the same change to the corresponding web.cfg.tpl file so that the change persists.

The webengine needs to be recycled to pick up the change to web.cfg.  The webengine can be recycled either by killing it and allowing it to restart automatically, or by stopping and restarting the CA Service Desk Manager service. 

Additional Information

It is also possible to disable the validation. 

For information on how to disable or enable the relevant Options Manager option (or corresponding environment variable), please review the following documentation: Secure CA SDM from Cross-Site Scripting Vulnerabilities