The main symptom is a very slow login through the RSA Authentication Agent 7.3.3 and 7.4.x for Windows. It takes a long time for the Windows desktop to appear after the user enters their passcode. Optionally, they next enter their Windows password when prompted, if Windows Password is not enabled. Then it can still take up to five minutes until login finishes and the user can see the desktop. Sometimes the logon will timeout and return the user back to the passcode prompt.
If Windows agent verbose logging is enabled, you will see many of the following symptoms in the various logs.
SIDCredentialProvider(LogonUI).log
m_credState = CS_USER_PW_UNAVAILABLE_CHALLENGED_USER
2014-02-24 18:09:41.167 4904.3900 [I] [Helpers::parseNetbiosOrUpnName] wsLogonName = <domain>\<user ID> 2014-02-24 18:09:41.167 4904.3900 [V] [Helpers::parseNetbiosOrUpnName] Return 2014-02-24 18:09:41.167 4904.3900 [I] [Provider::getCredentialProviderUsers_PreWindows8] samUsername: <domain>\<user ID> 2014-02-24 18:09:41.167 4904.3900 [I] [Provider::getCredentialProviderUsers_PreWindows8] Adding user: <domain>\<user ID>, Logon status: Logged on, Other user: False, DefaultCredential: False
2014-02-24 18:09:41.167 4904.3900 [I] [Provider::getCredentialProviderUsers_PreWindows8] Adding user: Other User, Logon status: , Other user: True, DefaultCredential: False
2014-02-24 18:09:41.183 4904.3900 [V] [Helpers::getMachineJoinedDomain] getMachineJoinedDomain() -- Failed to find default domain from Registry Key -- return the primary domain.
2014-02-24 18:09:41.885 4904.3900 [V] [RsaDesktopConfig::RsaDesktopConfig] Unable to open policy key "SOFTWARE\Policies\RSA\RSA Desktop\Common Settings", error = 0x2 2014-02-24 18:14:04.197 3476.4980 [E] [CredentialProviderFilterPolicy::buildFilterPolicyMap] Error trying to obtain subkeys
2014-02-24 19:05:53.346 2532.2064 [E] [AuthMechWrapper::authenticate] AuthMech getDomCredential failed to retrieve size: 0x17
2019-02-24 19:13:34.663 3028.3760 [E] [AuthMechWrapper::authenticate] AuthMech authenticate failed: 0x8
/opt/rsa/am/server/imsTrace.log
[3740] 11:35:29.983 File:loadbal.c Line:3077 # Enters get_response_segs() [3740] 11:35:29.983 File:loadbal.c Line:3089 # get_response_segs() [0x04AB7FD0] OK2 cnt=2, ptr=4ab9834 [3740] 11:35:29.983 File:loadbal.c Line:3113 # get_response_segs(): processing segment #0, type 8 [3740] 11:35:29.983 File:loadbal.c Line:3517 # get_response_segs() da download segment [3740] 11:35:29.983 File:loadbal.c Line:3546 # TDB-store tokInterval and lenPIN in da_handle. [3740] 11:35:29.983 File:loadbal.c Line:3581 # get_response_segs DA Download: disable on server [3740] 11:35:29.983 File:loadbal.c Line:3113 # get_response_segs(): processing segment #1, type 9 [3740] 11:35:29.983 File:loadbal.c Line:3645 # get_response_segs() login password segment [3740] 11:35:29.983 File:loadbal.c Line:3662 # get_response_segs login password seg status: 2 [3740] 11:35:29.983 File:loadbal.c Line:3753 # Leaving get_response_segs() [3740] 11:35:29.983 File:acutil.c Line:165 # SyncAPICallback(): curr=0x04AB7FD0 handle=0x433F552B - Set Event Result Code: 0 [2624] 11:35:29.983 File:newsd_api.c Line:348 # Leaving SD_Check() return(auth status): 0 [2624] 11:35:29.983 File:acexport.c Line:1501 # Entering AceGetDAAuthData() [2624] 11:35:29.983 File:acexport.c Line:1647 # Leaving AceGetDAAuthData() return: ACE_SUCCESS [2624] 11:35:29.983 File:acexport.c Line:1313 # Entering AceGetLoginPW() [2624] 11:35:29.983 File:sddiskio.c Line:129 # enter get_node_secret [2624] 11:35:29.983 File:sddiskio.c Line:133 # node secret returned from cache [2624] 11:35:29.983 File:aceda_uti.c Line:45 # Leaving DoNodeSecretHash: Success [2624] 11:35:29.983 File:acexport.c Line:1368 # Leaving AceGetLoginPW() return: ACE_SUCCESS
C:\ProgramData\RSA\LogFiles\SIDAuthenticator(LoginUI).log
2019-02-24 19:35:27.924 3188.2624 [I] [LACAuthenticator::Authenticate] User is challenged 2019-02-24 19:35:27.971 3188.2624 [V] [CommonAuthenticator::initAceClient] SD_Init succeeded. 2019-02-24 19:35:27.971 3188.2624 [E] [CommonAuthenticator::isAutoRegistrationServiceInstalled] Unable to open auto registration service: error = 0x424 2019-02-24 19:35:29.983 3188.2624 [I] [CommonAuthenticator::getTokenSerialNumber] AceGetDAAuthData success: token serial number = 2019-02-24 19:37:34.629 3188.2624 [E] [CommonAuthenticator::setWindowsPassword] AceSetLogonPW failed: aceRet = 0x7d3 2019-02-24 19:37:34.629 3188.2624 [V] [CommonAuthenticator::setWindowsPassword] Return
C:\ProgramData\RSA\LogFiles\DAService(da_svc).log
DASvcDpsLink::establishConnection( dpsPort=5580, dpsAddress=bb020a0a ) starts. [File:da_svc_dpslink.cpp Line:154 Family:DA_SVC ] 2019-02-21 20:48:44.114 1292.1520 [I] DASvcDpsLink::isConnected starts [File:da_svc_dpslink.cpp Line:400 Family:DA_SVC_API ] 2019-02-21 20:48:44.114 1292.1520 [I] DASvcDpsLink::isConnected there is no connection returning false UserChallengeStateInfo::UserChallengeStateInfo() - Failed getting the dayfile directory from the re registry [File:challengedinfoserializedhashmap.cpp Line:19 Family:DA_SVC ] RequestDispatcher:RequestHandler error DaSvcNetworkListener::SetupNotifications nla failed DaSvcServiceMain() - The DisableDAServicePolicy indicates that the DA Service is enabled, delete the registry key which AuthAPI uses to disable the DA Service. [File:da_svc_main.cpp Line:117 Family:DPS ] 2019-02-24 19:05:18.834 1276.1320 [I] deleteDAuthDisableKey()- RegDeleteKey failed, error=2
C:\ProgramData\RSA\LogFiles\DAServiceAPI(LoginUI).log
DaSvcConfig::init: dps port: 5580, dah port: 5580 DpsDL::getFixedBuffer - Failed IsRead check [File:dps_dl.cpp Line:568 Family:DPS ] 2019-02-21 20:52:11.700 3900.1164 [I] DaSvcAPIFactory::exception: Read timeout/failure. DASvcApiLink::serverExchange receive failed. (2003) |