000025858 - RSA SecurID authentication fails because user does not exist in RSA ACE/Server database

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025858
Applies ToRSA Authentication Manager
RSA ACE/Server
RSA Authentication Agent
All Microsoft Windows Platforms
IssueRSA SecurID authentication fails because user does not exist in RSA ACE/Server database
Error: "User not in database"
Error: "User not on Agent Host"
The error "User not in database" typically occurs when the Default Login passed from the RSA ACE/Server Agent Host does not match any default login in the ACE/Server database. When the error "User not on Agent Host" is preceded by "User not in database", it is a result from the Agent Host not being "Open to all locally known users", thus is a Domino Effect error. If the user does not exist in the database, it wouldn't be activated to any particular Agent Host.
ResolutionBe sure to view the Log Monitor to view the syntax of the user login passed by the Agent Host. If may not match your records in the ACE/Server database due to human error on the input, or possibly due to the Agent Host sending extracurricular information attached to what the user may have entered. For example, RSA ACE/Agents are able to attach Domain Information to a User:
    Control Panel --> ACE Agent Icon --> Local --> Send Domain with Username to RSA ACE/Server
By default, this option is not selected. If it were selected, ACE/Agent would attach a Distinguished Domain Name to the Username (e.g. johndoe could appear as domainname/johndoe). That means the user in the ACE/Server database should be listed in the same format.
Legacy Article IDa26328