000032866 - New pin mode and next token code mode failure after Cisco upgrade in RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000032866
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: Linux
Platform (Other): Cisco ASA 
O/S Version: ASA 9.1.7
IssueNew pin mode and next tokencode mode always result in a failure when using Cisco clients after the recent upgrade to ASA 9.1.7
  • Unable to set pin for tokens.
  • Authentication failure when next tokencode is entered.
Error on the Authentication Manager real-time activity monitor:
passcode format error and authentication failure

Error on the Cisco client:
"Session operation failure processing request from agent"

ResolutionThis is a Cisco bug (with reference: CSCuy89425), and it occurs with the securID native protocol. 
Possible workarounds:
1. Switch to Radius protocol (as per the integration guide). 
2. Authenticate from the Self-Service console when a token is in new pin mode or next tokencode mode.
User-added image