000030095 - Disable offline day downloads yet run offline local Sservice for RSA Authentication Agent 7.2.1 for Windows

Document created by RSA Customer Support Employee on Jan 10, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000030095
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1
Issue

Use case



  • During a load test of RSA Authentication Agent 7.2.1 for Windows build 73 (7.2.1.73), logon errors started happening after 30 RDP users connected to the  Windows server.
  • The server is always LAN connected; therefore, the users who connect to this server never need Offline Authentication download days.
  • Users would like to use Windows Password Integration, which uses the RSA Authentication Agent Offline Local Service (to TCP port 5580 on the RSA Authentication Manager server).  
  • The download of offline days appears to be slowing down the Windows server, preventing some users from connecting and authenticating (typically the 31st user).
  • Admins would like to disable the downloading of offline days on the server, but leave the Offline Local Auth service running in case a user needs to change/update their Windows password.
Tasks
  1. Delete the InstallDir registry string from HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication\ in the Windows Registry.
  2. Upgrade to the latest RSA Authentication Agent 7.4.3 for Windows (latest release as of 9 January 2020).
  3. (The latest windows agent is available on RSA LINK web site 
The right approach is to disable the DA_SVC by using the registry.  Stopping the DA_SVC without registry key isolation causes more problems than it fixes.
Resolution
  1. From Start, type regedit to open the Registry Editor.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication\.
  3. Delete the InstallDir registry string.

InstallDir
NotesAAWIN-2180 (Lac Agent 7.2.1.72 - RDP timeout timeout issue and login issue) addressed this issue and was closed in 2015.

If one only needs to retrieve the password from the server as the user logs in, then one does not need the Offline Authentication Service.    (AceGetLoginPW() retrieves the password from the sSUSER structure's loginPW member). However, if one also needs to support updating the password on the RSA Authentication Manager server, then one needs to communicate with the Offline Authentication Service (AceSetLoginPW() invokes AceDASetLoginPW() to set the password through the Offline Authentication Service).
 

Attachments

    Outcomes