000012500 - RSA SecurID Windows password integration with the Citrix Web Interface

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012500
Applies ToRSA Authentication Agent for Windows
Microsoft Windows
IssueRSA SecurID Windows password integration with the Citrix Web Interface
Unable to update the password cached by the RSA SecurID ACE/Agent. Check that the RSA SecurID ACE/Agent and ACE/Server versions are compatible and that both the ACE/Agent and the ACE/Server are configured to use Windows password integration.
Error 14004
CauseIncorrect version of RSA Agent installed on the Citrix XenApp Web Interface Machine
Windows Password not enabled at the system level (RSA Authentication Manager)
5580/TCP Blocked 
ResolutionCheck that the RSA Authentication Manager and RSA Authentication Agent for Web for Internet Information Services versions are compatible.
In addition, check that the RSA Authentication Manager database system parameters are configured to enable Windows password integration at the system level.
You should also make sure you have installed appropriate latest hot fix for the RSA agent 
Make sure the port 5580/TCP is open bidirectional between the RSA Server and RSA Agent (Web Interface)
To use SecurID Windows password integration with the Web Interface for Microsoft Internet Information Services:

The RSA ACE/Agent Local Authentication Client for Windows must be installed on the Web server (administrators must log on to the Web Interface using local server administrator credentials)

 The Web Interface must be installed after installing the RSA ACE/Agent

 The RSA Authentication Agent Offline Local service must be running on the Web server

 The Agent Host for the Web server in the RSA ACE/Server database must be configured to enable the Windows password integration feature

 The database system parameters must be configured to enable the Windows password integration feature at the system level

 The Port 5580/TCP must be enabled bidirectional between RSA Server and RSA Agent (Web Interface)

 The entry in "path"\windows\system32\drivers\etc\services for "sdoad 5580/tcp? should be added manually and restart the client machine.
See Windows Password Integration does not work for Citrix Web Interface
Legacy Article IDa59562

Attachments

    Outcomes