Troubleshooting guide for "Failed to read Credential from Credential Store type CyberArk Error code: 2304" error when using Get Credential Activity.

Issue Description:

When getting credentials from cyberark the following message is thrown: "Failed to read Credential from Credential Store type CyberArk Error code: 2304"

Root Cause: This error is thrown when Orchestrator is unable to fetch credentials. On the Orchestrator server, there should always be an error thrown by the source 'Orchestrator' that captures the exception thrown by the Cyberark SDK.

Diagnosing/Resolving

1. Verify the credential store set up and configuration of an account as shown in the Storing of Robot Credentials in CyberArk .
2. Check the Orchestrator server Event Viewer logs. There should be an exception thrown by Orchestrator.
   • When Orchestrator cannot get the credentials or the password SDK throws an exception, Orchestrator captures it and logs the exception.
3. If the error is: "The implementation is not part of windows platform Fips validated cryptographic algorithms", perform the approach below:
   1. Windows has a setting that prevents applications on the machine from using encryption that are not compliant with Federal Information Processing Standards(FIPS). This setting is typically only needed for servers that contain government data.
   2. Try Disabling FIPS Mode as shown below where Disabling FIPS Mode is a simple setting switch to the Local Policy.
   3. Go to Administrative Tools > Local Security Policy > Local Policies > Security Options > System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
   4. Switch the flag to disabled.

FIPS.png435×515 8.36 KB

4. If the error is: Could not find password! Reason: '' UiPath.Orchestrator.Extensibility.SecureStores.SecureStoreException: Could not find password! Reason: '' at async Task" it could mean there is an issue with the SDK files for cyberark.
   1. This would happen when using the Cybeark SDK. This happens when the CyberArk SDK fails to run but does not throw an exception (Which is why the exception looks strange)
   2. Try manually running the SDK (Fill in the correct values for the command:
      • cd "C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk" $var = .\CLIPasswordSDK64.exe GetPassword /p "AppDescs.AppID=APP_ID" /p "Query=Safe=SAFE_NAME;Folder=Root;Object=OBJECT_NAME" /o Password $var
      • It should return a password.
      • If it returns an error or does not return a password, that is the issue.
      • Try running the command with the 32 bit version (i.e .\CLIPasswordSDK.exe)
      • If this works, in the Orchestrator DLL file, change the referencesto the SDK to the 32 bit version, rather than the 64 bit version.
        • From:
        • To:
5. If the error is different from the above or there is no error in the event viewer logs, capture the unfiltered event viewer logs and open a ticket with UiPath.

A post was split to a new topic: Advice on Reading Credential From Credential Store Type Using CyberArk CCP

If this doesn’t work, try changing “Object” to “UserName”.