000017645 - Third-party products using RSA Authentication Agents to send authentications are failing to authenticate

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017645
Applies ToRSA Authentication Agent 7.x for Windows
RSA Authentication Manager 7.1 Service Pack 4
RSA Authentication Manager 8.0
RSA Authentication Manager 8.1
IssueFixing a node secret issue with a third-party product.
Authentications are working from the RSA Security Center Authentication Test feature but the third-party product is failing authentications.
Node secret mismatch: agent and server using different node secrets.
CauseSome third-party products are still using the older folder locations for the node secret e.g. C:\Windows/system32 whereas later version of the RSA Authentication Agents are using a new folder location to store the node secret e.g.  C:\Program Files\Common Files\RSA Shared\Auth Data

A workaround would be the following:


Open the RSA Control Center (from the Windows Control Panel).


Click Advanced Tools and check the Clear Node Secret button ? where the button is grey the authentication agent has no node secret however where the button is bold and black a node secret is present. Where the agent has no node secret an administrator can use the Advanced Tools > Test Authentication feature to perform an authentication where a node secret is created by the authentication and sent to the agent.


Where the RSA Authentication Agent has a node secret, an administrator can copy the node secret file (securid) from the folder e.g. C:\Program Files\Common Files\RSA Shared\Auth Data to the C:\Windows\system32 folder.


A typical third-party product that uses an RSA Authentication Agent is CITRIX.


Please contact RSA Customer Support should you still require assistance with an RSA product integrated with a third-party product.

Legacy Article IDa68172