|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1
- During a load test of RSA Authentication Agent 7.2.1 for Windows build 73 (184.108.40.206), logon errors started happening after 30 RDP users connected to the Windows server.
- The server is always LAN connected; therefore, the users who connect to this server never need Offline Authentication download days.
- Users would like to use Windows Password Integration, which uses the RSA Authentication Agent Offline Local Service (to TCP port 5580 on the RSA Authentication Manager server).
- The download of offline days appears to be slowing down the Windows server, preventing some users from connecting and authenticating (typically the 31st user).
- Admins would like to disable the downloading of offline days on the server, but leave the Offline Local Auth service running in case a user needs to change/update their Windows password.
The right approach is to disable the DA_SVC by using the registry. Stopping the DA_SVC without registry key isolation causes more problems than it fixes.
- Delete the InstallDir registry string from HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication\ in the Windows Registry.
- Upgrade to the latest (latest release as of 9 January 2020).
- (The latest windows agent is available on RSA LINK web site
- From Start, type regedit to open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication\.
- Delete the InstallDir registry string.
|Notes||AAWIN-2180 (Lac Agent 220.127.116.11 - RDP timeout timeout issue and login issue) addressed this issue and was closed in 2015.|
If one only needs to retrieve the password from the server as the user logs in, then one does not need the Offline Authentication Service. (AceGetLoginPW() retrieves the password from the sSUSER structure's loginPW member). However, if one also needs to support updating the password on the RSA Authentication Manager server, then one needs to communicate with the Offline Authentication Service (AceSetLoginPW() invokes AceDASetLoginPW() to set the password through the Offline Authentication Service).