Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032866 - New PIN Mode and Next Tokencode Mode fail after Cisco ASA upgrade to 9.1.7 in RSA Authentication Manager 8.x

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on Jan 8, 2020

Version 5Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032866
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.x Platform (Other): Cisco ASA O/S Version: ASA 9.1.7
Issue	New PIN Mode and Next Tokencode Mode always result in a failure when using Cisco clients after the recent upgrade to ASA 9.1.7. After the upgrade: Users are unable to set PINs for tokens. Authentication failures when the next tokencode is entered. The error shows on the Authentication Manager real-time activity monitor as follows: Passcode format error and authentication failure On the Cisco client, the error is: Session operation failure processing request from agent
Resolution	This is Cisco bug CSCuy89425 (AAA: RSA/SDI unable to set new PIN), and it occurs with the RSA SecurID_Native protocol. Possible workarounds include: Switch to RADIUS protocol (as per the RSA SecurID Access Implementation Guide for the Cisco Adaptive Security Appliance (ASA). Authenticate from the Self-Service Console when a token is in New PIN Mode or Next Tokencode Mode. For more details on how to resolve the issue for a Cisco VPN client or iPhone, review documentation for CSCuy89425 (AAA: RSA/SDI unable to set new PIN).

Attachments

Outcomes

0 Comments

Recommended Content