000012533 - Run as Different User option generated a node secret mismatch with RSA Authentication Agent 7.2.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 12, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000012533
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Agent
RSA Version/Condition: 7.2.1
Platform: Windows

The RSA Authentication Manager real-time authentication activity monitor reports the following error after using the Run as different user option on Microsoft Windows 2012 R2 where RSA Authentication Agent 7.2.1 for Windows is installed and configured:

Node secret mismatch: cleared on agent but not on server

CauseThe permissions on the node secret file named securid are not available to the user whose credentials have been entered when running the Run as different user feature on WIndows (Ctrl + Shift + right-click executable).
ResolutionRSA Authentication Agent for Windows 7.2.1 for Windows stores its configuration files in the C:\Program Files\Common Files\RSA Shared\Auth Data folder by default.

The Windows administrator could deactivate User Access Control (UAC) to resolve access issues to the node secret file and Microsoft has provided information on this.  Please visit Windows Server 2012: Deactivating UAC for more information on deactivating the UAC. 

Where UAC is required, the administrator would change the permissions on the node secret file to use read access for authenticated users.

NotesHere is an example of the securid Properties - Security tab where the RSA Authentication Agent 7.2.1 for Windows was installed on a standalone Microsoft Windows 2012 R2 server.

User-added image
Legacy Article IDa60330