000014890 - Node secret mismatch when using 7.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014890
Applies ToAuthentication Manager Version 7.1
IssueCorrect node secret mismatch
Node secret cleared at agent but still getting node secret mismatch error in Authentication Manager log.
Node secret mismatch: cleared on agent but not on server

To correct a node secret mismatch error; find the "securid" file on the authenticating agent normally located under windows\system32 or in Unix in \var\ace, rename the file or delete it.

If you are using a web agent please locate the node secret in the registry under > HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\ACECLIENT> Node Secret Key

To clear a node secret from the Authentication Manager, access the Security Consoler menu Access > Authentication Agents > Manage existing > locate the affected agent > click on the drop down and select > manage node secret > check the option of "clear node secret" and save.  

Test authentication and monitor the logs

Note: When both the agents co-exists in the same system in windows server, one of the agent authentication fails.. as Webagent stores the node secret in the registry and local authentication agent stores it in the windows\system32. Either the web agent or the LAC would work at a time in the production environment.

For web agents also see  Error: 'Node verification failed' with Citrix Web Interface.

Legacy Article IDa47994