Symantec Privileged Access Management

 View Only
Expand all | Collapse all

"Bad net path Error" when you synchronize admin account with windows proxy agent

Jump to Best Answer
  • 1.  "Bad net path Error" when you synchronize admin account with windows proxy agent

    Posted Aug 15, 2018 11:59 AM
    Hi Community

    I'm doing the registration and synchronization process for administrator accounts in endpoint windows, but for some the "PAM CM-1119: Error"error is generated, reviewing the tomcat log trace the following information WindowsAgent: Error: 4678 : 53-ERROR_BAD_NETPATH
    Aug 15, 2018 2:59:14 PM com.cloakware.cspm.server.app.impl.la c
    SEVERE: UpdateTargetAccountCmd.invoke 4678: 53-ERROR_BAD_NETPATH
    null
    Aug 15, 2018 2:59:14 PM com.cloakware.cspm.server.app.impl.la c
    SEVERE: UpdateTargetAccountCmd.invoke Error
    com.cloakware.cspm.server.app.ApplicationException: UpdateTargetAccountCmd.invoke Failed to synchronize password with target
        at com.cloakware.cspm.server.app.impl.la.c(SourceFile:965)
        at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:263)
        at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:122)
        at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:114)
        at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:110)
        at com.ca.pam.rest.TargetAccountService.update(SourceFile:361)
        at sun.reflect.GeneratedMethodAccessor499.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
        at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
        at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
        at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
        at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
        at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
        at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558)
        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1179)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at com.ca.pam.RestAuthenticationFilter.doFilter(SourceFile:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at com.ca.pam.AuthFilter.doFilter(SourceFile:102)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at com.ca.pam.CSRFFilter.doFilter(SourceFile:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at com.ca.pam.EncodingFilter.doFilter(SourceFile:18)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
        at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:188)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620)
        at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2476)
        at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2465)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

    Aug 15, 2018 2:59:14 PM com.ca.pam.rest.PAUtil generateExceptionFromAppCtx
    SEVERE: UpdateTargetAccountCmd.invoke Failed to synchronize password with target
    Time = Tue Jul 24 15:05:21 UTC 2018
    Time = Tue Jul 24 15:25:49 UTC 2018
    Time = Tue Jul 24 15:27:32 UTC 2018
    Time = Tue Jul 24 15:29:13 UTC 2018
    WindowsAgent: Error: 4678 : 53-ERROR_BAD_NETPATH
    Aug 15, 2018 3:34:36 PM com.cloakware.cspm.server.app.impl.la c
    SEVERE: UpdateTargetAccountCmd.invoke 4678: 53-ERROR_BAD_NETPATH
    null
    When reviewing the agent's log the following information is displayed

    Client Daemon Event Log:
    WARNING: mié agosto 15 09:57:34.739 COT 2018 ClientDaemonManager::main. Cache file: C:\cspm\cloakware\cspmclient\config\data\.cspmclient.dat does not exist
    WARNING: mié agosto 15 09:59:12.973 COT 2018 CSPMAgentService::verifyWindowsAccountPassword. Operation not successful, message: 53-ERROR_BAD_NETPATH
    WARNING: mié agosto 15 10:34:34.493 COT 2018 CSPMAgentService::verifyWindowsAccountPassword. Operation not successful, message: 53-ERROR_BAD_NETPATH
    WARNING: mié agosto 15 10:39:05.338 COT 2018 CSPMAgentService::listAccounts. End of operation, message: 172.19.3.64 : -2147023174-RPC_S_SERVER_UNAVAILABLE


  • 2.  Re: "Bad net path Error" when you synchronize admin account with windows proxy agent
    Best Answer

    Broadcom Employee
    Posted Aug 15, 2018 01:31 PM

    Hi Julian, We had a few cases open reporting this error and none of them turned out to be a PAM problem so far. In most cases the customers were able to find the problem. One case had the following comment:

    "There was no problem with CA PAM. The Windows Proxy was behind a firewall with network address translation, and the IPs defined as device addresses in CA PAM could not be resolved on the Proxy side.”

     

    While that is unlikely to be the problem in your case, here is a way to get more specific information in the Windows Proxy log:

    • Go to the config folder under the Windows Proxy installation folder, typically C:\cspm_agent\cloakware\cspmclient\config
    • Edit file cspm_client_config.xml. Change the <loglevel> line (line 6) from "<loglevel>WARNING</loglevel>” to "<loglevel>FINE</loglevel>”
    • Restart the "PAM proxy” service.
    • Reproduce the problem and view the agent log again. Now you see which address (and if applicable) which domain PAM uses to try to connect to the target device. If that information is wrong, the device or target application likely is not configured correctly. If it is right, then check on why the Windows Proxy host cannot connect to the target device on which the account lives.

     

    If you cannot figure it out, please open a support case.

     



  • 3.  Re: "Bad net path Error" when you synchronize admin account with windows proxy agent

    Posted Oct 19, 2018 03:17 PM

    Hi

    Was solved by enabling ports 445, 139 in the firewall.

     

    Thanks