"AHD04400:Argument error" during user operation, with corresponding messages in the stdlog indicating that a specific parameter value failed against the pattern and request will be rejected

Document ID : KB000004418
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

During a particular operation, the user that is logged into the CA Service Desk Manager GUI through the web browser, receives "AHD04400:Argument error".  Additionally, several messages are written to the stdlog.

The messages written to the stdlog are similar to the following 3 messages:

10/21 09:23:05.31 sdm001 web:local 28275 ERROR session.c 5329 Parameter FAQ_WINDOW_NAME's value =(KT_FAQ_cr:418832),was failed against the pattern (AlphaNumericUnderScoreDot)


10/21 09:23:05.31 sdm001  web:local 28275 ERROR session.c 5330 Hence this web request will be rejected


10/21 09:23:05.31 sdm001  web:local 28275 ERROR session.c 4652 Error parsing cgi POST string "ENV_HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36&ENV_HTTP_COOKIE=loggedUser=uaq2uoh4kjetug7oTjGNdDvyJwREmOWeYTylRH7r7W4mm0XpCRYppE4XaUqP8Ovad436mB6zoRw=; FIDM_AUTH_SESSION_ID=SMS_defthw990cjweb_6ed905::21c28abd11fa1965cd27c417ee255e; BIGipServer~atf_17_ssn2~atf_17-sdm-cat.global-80=rd17o00000000000000000000ffffa1595d7do80; REF_FIDM_AUTH_SESSION_ID=SMS_defthw990cfweb_370d61::757987c3f2e1a9e4d9e8d782fb05975&ENV_DOCUMENT_ROOT=/var/www/html&ENV_REMOTE_USER=A566353@atos.net&ENV_REQUEST_METHOD=GET&ENV_REQUEST_URI=/CAisd/pdmweb.exe?SID=dJMuJuUo/P6i!W6kJMXHZrZk5Lht!SuuZwF0bqDLgU4NlLesfHpGleIu!/xOTWyh!cM7qL2EGQA=+FID=8319+OP=DISPLAY_FORM+HTMPL=kt_main2.htmpl+SD_LAUNCHED=cr:518832+LAUNCHED_ITIL=I+KCAT_REL_ID=+KCAT_REL_PATH=ZZ.Tools.SDM.FunctionalIssue+SD_CAT=pcat%253A2014670+FAQ_WINDOW_NAME=KT_FAQ_cr:518832+RELOAD_WIN=0+KEEP.IsPopUp=1+KEEP.POPUP_NAME=USD1477034583927+KEEP.use_role=1&ENV_SCRIPT_NAME=/CAisd/pdmweb.exe&SID=dJMuJuUo/P6i!W6kJMXHZrZk5Lht!SuuZwF0bqDLgU4NlLesfHpGleIu!/xOTWyh!cM7qL2EGQA=&FID=8319&OP=DISPLAY_FORM&HTMPL=kt_main2.htmpl&SD_LAUNCHED=cr:518832&LAUNCHED_ITIL=I&KCAT_REL_ID=&KCAT_REL_PATH=ZZ.Tools.SDM.FunctionalIssue&SD_CAT=pcat%3A2014670&FAQ_WINDOW_NAME=KT_FAQ_cr:518832&RELOAD_WIN=0&KEEP.IsPopUp=1&KEEP.POPUP_NAME=USD1477034583927&KEEP.use_role=1"

Environment:
CA Service Desk Manager 12.9CA Service Desk Manager 14.1
Cause:

The value of a security parameter in the web.cfg of the corresponding webengine process is preventing a request that is underlying the operation from being processed due to the pattern of the value does not match the expected pattern for the parameter.

The name of the security parameter and corresponding value are specified in one of the messages that are written to the stdlog.

 

For example, in the following message:

"10/21 09:23:05.31 sdm001 web:local 28275 ERROR session.c 5329 Parameter FAQ_WINDOW_NAME's value =(KT_FAQ_cr:418832),was failed against the pattern (AlphaNumericUnderScoreDot)"

the security parameter is "FAQ_WINDOW_NAME" and the value is "KT_FAQ_cr:418832". 

The pattern, "AlphaNumericUnderScoreDot", indicates that the value is expected to contain a dot character (".") in addition to alpha numeric characters and underscores.  The value is not expected to contain a colon (":")

Resolution:

Modify the web.cfg file that corresponds to the webengine named in the message. Search for all occurrences of the security parameter and confirm that the corresponding pattern is set according to what you require. 

In the case above, the webengine is "web:local".  Check the pdm_startup file that exists in the pdmconf subdirectory of the CA Service Desk Manager installation directory to confirm the name of the corresponding web.cfg file.  The default web.cfg file is named "web.cfg".  For example, the following statement in pdm_startup shows that "web:local" webengine is associated with "web.cfg":

WEBENGINE(webengine, $NX_LOCAL_HOST, web:local, domsrvr, $NX_ROOT/bopcfg/www/web.cfg, "", "rpc_srvr:%h")

In the case above, if you want to allow values that do not contain a dot but that do contain a colon, change the following statement in the web.cfg from:

SecureParameter.FAQ_WINDOW_NAME AlphaNumericUnderScoreDot

to either:

SecureParameter.FAQ_WINDOW_NAME AlphaNumericUnderScoreColon

or:

SecureParameter.FAQ_WINDOW_NAME AlphaNumericUnderScore

 

You should make the same change to the  corresponding web.cfg.tpl file so that the change persists.

The webengine needs to be recycled to pick up the change to web.cfg.  The webengine can be recycled either by killing it and allowing it to restart automatically, or by Stopping and restarting the CA Service Desk Manager service.  

Additional Information:

It is also possible to disable the validation. 

For information on how to disable or enable the relevant Options Manager option (or corresponding environment variable), please review the following page of the "CA Service Management 14.1" documentation: Secure CA SDM from Cross-Site Scripting Vulnerabilities