|Applies To||RSA Authentication Agent 7.0.2 for web |
RSA Authentication Agent 7.0.1 for Windows
Windows 2008 server
|Issue||Installing RSA Authentication Agent 7.2.1 (LAC) and Web Agent 7.1.1 on same machine|
Using the RSA Authentication Agent 7.0.2 for web on the same machine as the RSA Authentication Agent 7.0.1 for Windows
Installing RSA Agent for web and local authentication client on 2008 server causes "Node verification failure" message in the log
Node verification failure
RSA SecurID agents store a dynamically generated encryption key in a file known as a 'node secret'.
This means that with a default installation, one agent cannot use the node secret created and stored by the other.
This has been identified as a defect and a workaround is provided here. The below steps are applicable to all newer build of Agents.
1. Install RSA Authentication Agent 7.0.2 Web on 2008 server.
2. Define the web server as Agent host on Authentication Manager.
3. Perform the authentication test in Security center.
4. Enable SecurID on a web site and restart IIS services.
5. Test the authentication from browser.
6. Install RSA Authentication Agent 7.0.x for Windows.
7. Restart the machine.
8. Edit the registry. Start --- > run ----> regedit. Edit the following registry key to have the value as shown
Key type: (REG_SZ)
HKLM\SOFTWARE\RSASecurity\RSA Authentication Agent\AuthDataDir = C:\Windows\System32
9. Navigate to Administrative tools services panel. Restart RSA Agent service offline local authentication service.
10. Launch RSA Security center and perform authentication test on Windows Agent.
11. If the above works, enable SecurID on a group and login as SecurID challenged user.
Now both Agents will work on same web server enabling to protect the desktop and web sites as well.
Refer RSA Authentication Agent 7.1 for Web for IIS 7.0 and 7.5 Installation and Configuration Guide, page 22 for details.
Co-existence of the WebAgent and the Windows Agent
Follow the guidelines below to complete configuration steps for the agents to work together:
1. As the agent host for Windows Agent has already been registered in the Authentication Manager, the administrator must use the same agent host entry for the WebAgent. For more information on this, see Chapter 2, ?Preparing for
2. If the Windows agent is working successfully with the Authentication manager, the node secret will already be present in the agent host. The administrator should use the same node secret with the WebAgent. As the node secret format is
The name of the node secret file should be securid. After the node secret is converted, copy it to the Web Agent installation location.
At the time of writing the command to convert the node secret is
agent_nsload -c <Existing_Securid_file_path> <New_Securid_dir_path>
|Legacy Article ID||a52620|