Cause | The following sequence of events explains why the user access is denied:
- The user enters the correct username and passcode on the authentication agent or RADIUS client.
- The authentication agent or RADIUS client sends this information to Authentication Manager server A.
- Authentication Manager server A sees the packet and responds to the agent with Authentication Success.
- The Authentication Activity Log shows authentication success for this user.
- Authentication Agent A never receives this reply packet, or does not receive it before the timeout for the next authentication try. For example, if the agent retries communication every five seconds and the response has not arrived within five seconds, the next authentication attempt occurs.
- As the agent never receives the reply, it then makes another request which goes to either the same server or a different server.
- The Authentication Manager responds to the request. As the passcode has already been used, the second authentication request is denied. The failure messages are written in the log.
- The agent receives the access denied reply packet.
If the client response delay is set to a large number (>6), the same behavior may happen, as the client may time out and resend the authentication request while the RSA server is still waiting because of the increased response delay. To edit this value:
- Log in to the Security Console as a super admin.
- Navigate to Setup > System Settings > Agents.
- Edit the client response delay value. By default the value is set to two seconds.
|
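To confirm this cause from exported authentication records, look for a success followed within a few seconds by a denial for the same user on the same agent. The following is an added example, not RSA code; the CSV column layout, the `SUCCESS`/`FAIL` values, the host names and the 10-second window are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample records: timestamp, user, agent, server, result.
# The column layout is an assumption, not the product's export format.
SAMPLE_LOG = """\
2024-01-10T09:00:00,alice,vpn-gw1,am-a,SUCCESS
2024-01-10T09:00:05,alice,vpn-gw1,am-b,FAIL
2024-01-10T09:02:00,bob,vpn-gw1,am-a,FAIL
2024-01-10T09:05:00,carol,vpn-gw2,am-a,SUCCESS
2024-01-10T09:09:00,carol,vpn-gw2,am-a,FAIL
2024-01-10T09:10:00,dave,vpn-gw2,am-a,SUCCESS
2024-01-10T09:10:04,dave,vpn-gw3,am-a,FAIL
"""

def find_lost_reply_retries(log_text, window_seconds=10):
    """Return (user, agent, success_server, fail_server, gap_seconds) for each
    denial that follows a success for the same user and agent within the window."""
    window = timedelta(seconds=window_seconds)
    last_success = {}  # (user, agent) -> (time of success, server that logged it)
    findings = []
    rows = sorted((r for r in csv.reader(io.StringIO(log_text)) if r),
                  key=lambda r: r[0])  # ISO timestamps sort correctly as text
    for ts, user, agent, server, result in rows:
        when = datetime.fromisoformat(ts)
        key = (user, agent)
        if result == "SUCCESS":
            last_success[key] = (when, server)
        elif result == "FAIL" and key in last_success:
            ok_time, ok_server = last_success.pop(key)
            gap = when - ok_time
            # A denial from a different agent has a different key and is never
            # matched here; that pattern is not a retry and needs separate review.
            if gap <= window:
                findings.append((user, agent, ok_server, server,
                                 int(gap.total_seconds())))
    return findings

if __name__ == "__main__":
    for user, agent, ok_srv, fail_srv, gap in find_lost_reply_retries(SAMPLE_LOG):
        print(f"{user} via {agent}: success on {ok_srv}, "
              f"denied on {fail_srv} {gap}s later")
```

Set the window slightly above the agent's retry interval so that unrelated later failures by the same user are not counted.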