Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000011731 - Explanation of Successful Authentication followed by Passcode Reuse and Bad tokencode seen in log

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000011731
Applies To	User authentication is denied In Authentication Activity Log the following log messages are seen User has not entered the same PIN and tokencode multiple times to authenticate All RSA Authentication Manager Versions and Patch Levels
Issue	Explanation of Successful Authentication followed by Passcode Reuse and Bad tokencode seen in log Authentication Method success for user is seen A short period later from the successful authentication (eg within 1 minute) Passcode reuse or previous tokencode detected for the same user A short period later form the successful authentication Bad Tokencode but good PIN detected for serial number for the token assigned to this user Authentication Method Failed for user. User is denied access
Cause	The following sequence of events explain why the user access is denied User enters the correct username and passcode on the authentication agent or radius client Authentication Agent or Radius client sends this information to Authentication Manager server A Authentication Manager Server A sees the packet and responds back to the agent with Authentication Success. Authentication Activity Log shows authentication success for this user The agent A never receives this reply packet, or it does not receive the packet before the timeout for the next authentication try. For example, if the agent retries communication every 5 seconds, then if the responds has not arrived within 5 seconds, then the next authentication attempt will occur. As the agent never receives the reply, it then makes another request to either the same or a different server The Authentication Manager responds to the request. As the passcode has already been used, then authentication is denied. The failure messages are written in the log Agent receives that access denied reply packet.
Resolution	Take a packet capture on the agent and on the authentication manager server to confirm that packets are correctly being received on the network This is a network issue and not an issue with RSA Authentication Manager and so the network issues should be investigated.
Legacy Article ID	a60212

Attachments

Outcomes

0 Comments

Recommended Content