000031460 - Using RSA SecurID software token 5.0 for Windows with Citrix non-persistent Xenapp vitual desktops

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031460
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 SP4
Platform: Windows
O/S Version: 2008 Server R2 x64
IssueThe user will need to re-import the software token everytime they access the Xenapp desktop
Cause:
The windows software token file is removed everytime a user logs off the virtual desktop, thus the token files must be stored in a single database accessed by all users
To create a single database, you must install the desktop application from the msiexec command line, using the SETSINGLEDATABASE property. 
This property creates a single database in the All Users directory. When the user starts prelogon to the VPN client, for example, the VPN client retrieves a token from All Users.
ResolutionThe following command creates a single token storage database that is not associated with a specific user. 

Install a Single Token Database to the Default Location
For the Standard desktop application, type:
msiexec /qn /i pathname\RSASecurIDToken500.msi /lv c:\install.log SETSINGLEDATABASE=TRUE
For the RSA SecurID Software Token with Automation, type:
msiexec /qn /i pathname\RSASecurIDTokenAuto500.msi /lv c:\install.log SETSINGLEDATABASE=TRUE
Install a Single Token Database to a Non-Default Location
Using an absolute path with the SETDATABASEDIR property creates a single database instance that is owned by the first user to use the application.
The first example specifies an absolute path that begins with the drive letter and a backslash: drive:\. The second example uses the %HOMEDRIVE% Windows environment variable to specify the drive letter that is set in Active Directory.
For the Standard desktop application, type:
msiexec /qn /i pathname\RSASecurIDToken500.msi /lv c:\install.log SETSINGLEDATABASE=TRUE SETDATABASEDIR=c:\LocalDir
For the RSA SecurID Software Token with Automation, type:
msiexec /qn /i pathname\RSASecurIDTokenAuto500.msi /lv c:\install.log SETSINGLEDATABASE=TRUE  SETDATABASEDIR=%HOMEDRIVE%\LocalDir

 
NotesThe SETDATABASEDIR should be a drive, not a directory 

Attachments

    Outcomes