000012533 - Run as Different User Generated a Node Secret Mismatch in RSA Authentication Manager 7.2.1 Authentication Activity Monitor

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000012533
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Agent
RSA Version/Condition: 7.2.1
Platform : Windows
IssueReal-time authentication activity monitor reports 'Node secret mismatch: cleared on agent but not on server' after using the 'Run as different user' option on Microsoft Windows 2012 R2 where an RSA Authentication Agent 7.2.1 for Windows is installed and configured.
CauseThe permissions on the node secret file (securid) are not available to the user whose credentials have been entered when running the 'Run as different user' Windows feature (Ctrl + Shift + right-click executable).
ResolutionRSA Authentication Agent for Windows 7.2.1 for Windows stores its configuration files in the C:\Program Files\Common Files\RSA Shared\Auth Data folder (by default).
The Windows administrator could deactivate User Access Control (UAC) to resolve access issues to the node secret file and Microsoft has provided information at URL http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx for deactivating the UAC. Where UAC is required the administrator would change the permissions on the node secret file (securid) to use read access for authenticated users.
NotesHere is an example of the 'securid Properties - Security tab' where the RSA Authentication Agent 7.2.1 for Windows was installed on a standalone Microsoft Windows 2012 R2 server.
User-added image

Legacy Article IDa60330