A2A: Server rejected client login with errorCode 401. Possible cause: db file, .cspmclient.dat is out of synch with the Server

Document ID : KB000100694
Last Modified Date : 08/06/2018
Show Technical Document Details
Issue:
Having issues with a script that is failing to pass the password authentication. 
The A2A client logs say:  Server rejected client login with errorCode 401. Possible cause: db file, .cspmclient.dat is out of synch with the Server 
Environment:
PAM 3.1.1
Cause:
It is possible that this client has pointed to a different PAM server in the past. That would put the digest key stored in the client cache file (.cspmclient.dat) out of sync with the PAM server. 
Resolution:
Try this first from PAM to update the A2A Client key: 

1.Select Credentials, Manage A2A, Clients. The Client List page appears. 
2. Select the server where the A2A client is installed and select VIEW. The Client Details page appears. 
When the A2A client is not reachable from the site server, you must log into the site where the A2A client is registered. 
3. Select the Change Key button. 


If there is a problem with the above procedure, then try this: 
1. Check the cspm_client_config.xml is pointing to the PAM server in the <cspmserver> tag. 
/opt/cloakware/cspmclient/config/cspm_client_config.xml 

2. Remove the cache file. It will get recreated. 
cd /opt/cloakware/cspmclient/config/data 
remove .cspmclient.dat file. 
Do not remove the other key files in this directory, just the .cspmclient.dat file. 

Restart the cspmclient daemon. 
It should establish a new key with the server.