Symantec Privileged Access Management

Expand all | Collapse all

PAM 3.3.2 Error getting the hash for A2A script

Jump to Best Answer
  • 1.  PAM 3.3.2 Error getting the hash for A2A script

    Posted 03-07-2020 11:04 AM
    Hi Community


    I am preparing to implement a2a in a client so I decided to implement this functionality in my laboratory, the error is presented when I try to get the script hash to validate the example of VB_Sample64.exe I have tried several times but I never get the hash

    The folder must be shared?

    What should I configure additional? I am following the course
    CA Privileged Access Manager r3.x: Implement the Application to Application Client 300

    ------------------------------
    Julian Riano
    MSL
    ------------------------------


  • 2.  RE: PAM 3.3.2 Error getting the hash for A2A script

    Posted 03-10-2020 09:50 AM
    Hello Julian, Are you sure that you have the file path to the executable configured correctly in the A2A Script definition in PAM? If you temporarily change the tomcat log level to FINE, run the executable from the A2A client, set the log level back and then download and edit the tomcat log, you should see the path that the client sends to PAM for this script. Note that it can take up to 30 seconds before the tomcat log level change takes effect.


  • 3.  RE: PAM 3.3.2 Error getting the hash for A2A script

    Posted 03-24-2020 01:31 PM
    Thanks Ralf I managed to overcome the error

    Now I have an error trying to get the password of an account when I enable the options for Windows scripts
    Check Execution Path
    Check File Path
    Perform Script Integrity Validation

    In Linux script it works correctly, but in Windows I can't get the credentials. Any recommendation on how I should run the file vb_example.exe


  • 4.  RE: PAM 3.3.2 Error getting the hash for A2A script
    Best Answer

    Posted 03-24-2020 05:14 PM
    Hi Julian, I can only refer you to my previous update. The tomcat log will show you all parameters the A2A client sends up to the PAM server, and you can compare them with what you have configured in the A2A script.