000037153 - CyberArk pass-through authentication stops at the login screen when the RSA Authentication Agent 7.x for Windows is installed

Document created by RSA Customer Support Employee on Feb 19, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037153
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Agent for Windows
RSA Version/Condition:  7.x 
 
Issue
  • The CyberArk or mRemoteNG pass-through authentication stops at the login screen when RSA Authentication Agent 7.x for Windows is installed.
  • When a username and password is pre-provided on a published application,like CyberArk,Microsoft Remote Desktop Connection (mRemoteNG), the users will see the login screen again if the RSA Authentication Agent 7.x for Windows is installed.

       Loginscreen 
Resolution
  1. Login to the machine where the RSA Authentication Agent for Windows is installed, with an administrator user who has read/write/execute permissions to the local group policy editor.
  2. In the Run box, type gpedit.msc and press Enter to access the local group policy editor.
  3. In the Local Group Policy Editor, navigate to Computer Configuration\Administrative Templates\Classic Administrative Templates\RSA Desktop\Local Authentication Settings\.
  4. Select the policy named Enable the Logon with credentials with remote applications.
  5. At the Accept remote credentials option, select All remote applications, as shown below:
           GPOpolicy
  1.  Click Apply and OK.
  2. Close the Local Group Policy Editor.
  3. From Start > Run, type cmd and press Enter.
  4. In the command prompt, type the command gpupdate /force then press Enter:


C:\Users\administrator> gpupdate /force
Updating policy...

Computer Policy update has completed successfully.
User Policy update has completed successfully.


  1. Log off from the desktop and try to login again
  2. This allows the authentication agent to use the credentials received from remote applications. Now the user should be able to login without an authentication prompt for unchallenged users.
NotesChallenged users will still continue to get the passcode prompt and they need to authenticate using their RSA SecurID token.

Attachments

    Outcomes