000037198 - Incorrect prompt on Citrix NetScaler page for RSA Authentication Manager 8.4

Document created by RSA Customer Support Employee on Feb 27, 2019Last modified by RSA Customer Support Employee on Jul 8, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000037198
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type: Authentication  Manager
RSA Version/Condition:  8.4

Text displayed on the PIN reset page in a RADIUS client displays incorrect, scrambled messages.
Even though nthis text is not  found in the securid.ini file, the packet capture shows that the texts are from RSA Authentication Manager servers:

User-added image

  • The incorrect text is as follows:

PIN accepted. Wair the tooken code to chaangge, then entterr te new passcoodee: 

  • There are various other scrambled messages found in an Access-Challenge:

Enter a new PIN having from 4 to 8 alphanumrric characters 
User-added image

PIN jected. Plleastry again 
User-added image

PINs not maatcch. Pase try aagaain 
User-added image
Workaround Removing text of  '\r\n' that appears in front of RSA Prompts for corresponding string values in the securid.ini file found in the Operations Console resolves the issue.

Note: Prior performing the following tasks make a backup of existing contents in securid.ini file and save it to a text editor in a safe location. 

  1. Log on to the Operations Console on the primary RSA Authentication Manager instance hosting the RADIUS server. 
  2. Click Deployment Configuration > RADIUS Servers.
  3. If prompted, enter the Super Admin user ID and password, and click OK.
  4. Select the RADIUS server hosted on this instance, and select Manage Server Files from the context menu.
  5. On the Manage Server Files page, do the following:
  6. Click the Configuration Files tab to see the configuration files, such as .conf, .aut, and .ini.
  7. Select the securid.ini file and select Edit from the context menu.
  8. Edit the text file with the contents in file securid.ini attached to this article and click Save.
  9. Click Save & Restart RADIUS Server for the changes to take effect.
  10. Repeat steps 1 through 9 on each replica in the Authentication Manager deployment, one at a time.
Below are the entries in the securid.ini file that are being changed to resolve the errors observed on the end user's machine during authentication.

;RSA Prompts
ExtInputMayChoose       = A new PIN is required.Do you want system to generate your new PIN? (y/n): 
ExtInputReadyForPin_1_S = Are you satisfied with system generated PIN %s ? (y/n): 
ExtInputMustChoose_D    = \r\nEnter a new PIN having %d digits: 
ExtInputMustChoose_C    = Enter a new PIN having %d alphanumeric characters: 
ExtInputMustChoose_D_D  = Enter a new PIN having from %d to %d digits: 
ExtInputMustChoose_C_C  = Enter a new PIN having from %d to %d alphanumeric characters: 
ExtOutputChange         = PIN Accepted.Wait for the token code to change,then enter the new passcode: 
ExtInputYesOrNo         = \r\nPlease enter \'y\' or \'n\': 
ExtInputNextCode        = Wait for token to change,then enter the new tokencode: 
ExtOutputReject         = PIN rejected. Please try again.
ExtPromptNotUsed        = Invalid PIN was specified
ExtOutputDeniedFinal    = Access Denied
ExtPromptNotUsed        = System Generated PINs Are Disabled. Access Denied.
ExtOutputAccepted       = \r\nPASSCODE Accepted\r\n
ExtInputEnterPasscode   = \r\nPlease Enter PASSCODE
ExtInputReenterPin      = \r\nPlease re-enter new PIN: 
ExtInputReenterPin_1    = PINs do not match. Please try again