000032110 - RSA Authentication Manager SDK 8.5 (for Java) failed on startup with a "CRED_MISMATCH" error

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032110
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager SDK / API
RSA Version/Condition: 8.5
Platform: Java
IssueRSA Authentication Manager SDK 8.5 (for Java) failed on startup with a "CRED_MISMATCH" error.
The error message below is reported in the output.
 
Can't create api: com.rsa.authagent.authapi.AuthAgentException: Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: connect exception processing key negotiation request: com.rsa.authmgr.commonagent.h: Key negotiation exchange failed. Server response was CRED_MISMATCH
com.rsa.authagent.authapi.AuthAgentException: com.rsa.authagent.authapi.AuthAgentException: Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: connect exception processing key negotiation request: com.rsa.authmgr.commonagent.h: Key negotiation exchange failed. Server response was CRED_MISMATCH
    at com.rsa.authagent.authapi.AuthSessionFactory.a(AuthSessionFactory.java)
    at com.rsa.authagent.authapi.AuthSessionFactory.getInstance(AuthSessionFactory.java)
    at AuthUser.<init>(AuthUser.java:32)
    at AuthUser.main(AuthUser.java:62)


The API log reports the error message below.
[2015-12-03 16:50:30,241] INFO main - staring key negotiation. Connection: ServerConnection [ serviceType=MSGKEY, serviceURL=http://192.168.56.100:5500/Services/MessageKeyService, conn=null]
[2015-12-03 16:50:30,389] ERROR main - Error in processing Authn request: connect exception processing key negotiation request: com.rsa.authmgr.commonagent.h: Key negotiation exchange failed. Server response was CRED_MISMATCH
[2015-12-03 16:50:30,389] ERROR main - Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: connect exception processing key negotiation request: com.rsa.authmgr.commonagent.h: Key negotiation exchange failed. Server response was CRED_MISMATCH
ResolutionThe issue occurs because the agent name is mismatched between the agent machine and the AM server side.
To resolve it, there are two options that can be performed.
Option 1
  1. Comment "RSA_AGENT_NAME" in the rsa_api.properties file (when this line was commented out Agent SDK will use it's hostaname as the agent name).
  2. In Security Console, modify that agent record and change its name to the hostname of the agent machine.
    For example: if the Agent machine's hostname is "agentA.emc.lab" then you need to change the agent name in security console to "agentA.emc.lab" instead.
Options 2
Uncomment and give a value to "RSA_AGENT_NAME" in rsa_api.properties file. Then, in Security Console give the same name to that agent record.
For example: You give the value of "RSA_AGENT_NAME" in rsa_api.properties as "AgentA",  then, in Security Console, you need to set the agent record name to: "AgentA"  as well.

Attachments

    Outcomes