000033179 - Node Secret issues after setting up the RSA Web Agent 8.0 on a Windows Server

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number
000033179

Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Web Agent
RSA Version/Condition: 8.0
O/S Version: Windows

Issue
  1. The node secret is not getting created.
  2. Test Authentication fails after setting up the RSA Web Agent.
  3. After protecting the WebSite/OWA through the RSA Web Agent, the Test Authentication fails from the WebSite/OWA.
  4. On the RSA Authentication Manager, the Authentication Activity Monitor shows "Node Secret Mismatch - Cleared on the Agent but not on the Server".

Cause
Permission issue on the Windows Server where the RSA Web Agent is installed.

Resolution
1.   Log in as a "Local Administrator" to the Windows Server where the RSA Web Agent is installed.
2.   Disable UAC (User Account Control settings).

  1. On the taskbar click Start.

  2. In the search field, type Change User Account Control settings and click Open Change User Account Control settings.

  3. Pull the bar down to the bottom so the option is "Never notify me when: Programs try to install software or make changes to my computer", and click OK.

3.   Disable the Windows Firewall.
4.   Disable the antivirus software (if it is enabled with IPS/IDS or with Enhanced Security).
5.   In the Control Panel, select and right-click the RSA Authentication Agent icon and run it as "administrator".
6.   On the "Advanced" tab, set the IP Address Override. (Note: Change the default IP address to the IP address of the Windows Server where the RSA Web Agent is installed.)
[Screenshot: IP Address Override]
7.   Run the Test Authentication from the RSA Web Agent by clicking "Test Authentication with RSA Authentication Manager".
[Screenshot: Test Authentication]
8.   The node secret will be sent from the RSA Authentication Manager to the RSA Web Agent on the first successful authentication. (Check for the node secret in the location "C:\Program Files\RSA Security\RSAWebAgent".)
[Screenshot: Node Secret Sent]
[Screenshot: Node Secret Created]
9.   Repeat the Test Authentication 4 to 5 times.
10. Go to the Command Prompt and run "iisreset".
11. Do the Test Authentication from the protected WebSite/OWA.
 11A. If the Test Authentication from the protected WebSite/OWA fails with "Node Secret Mismatch - Cleared on the Agent but not on the Server", then check the node secret location in IIS that the protected WebSite/OWA is pointing to.
(Note: This node secret issue happens because the protected WebSite/OWA is looking at a different location, where the node secret (securid) file is not available.)
 11B. Also copy the sdconf.rec, sdstatus.12 and securid.rec (node secret) files from C:\Program Files\RSA Security\RSAWebAgent to C:\Program Files (x86)\RSA Security\RSAWebAgent
[Screenshot: From Program Files location]
[Screenshot: To Program Files (x86) location]
12. Go to the Command Prompt and run "iisreset".
13. Now the Test Authentication will be successful from the protected WebSite/OWA.
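
A read-only check for steps 8, 11A and 11B, added here as an example and not part of the RSA article: it reports whether each agent file is present in both install directories and whether the two copies match. The paths and file names are the ones given in the steps above; the function name `Compare-AgentFiles` and the column labels are hypothetical.

```powershell
# Added example (not RSA code). Read-only: nothing is copied or modified.
# Requires PowerShell 4.0+ (Get-FileHash) and read access to both folders.
$Dirs = [ordered]@{
    ProgramFiles    = 'C:\Program Files\RSA Security\RSAWebAgent'
    ProgramFilesX86 = 'C:\Program Files (x86)\RSA Security\RSAWebAgent'
}
# The article names the node secret file both "securid" and "securid.rec",
# so both names are checked.
$Files = 'sdconf.rec', 'sdstatus.12', 'securid', 'securid.rec'

function Compare-AgentFiles {
    param($Directories, [string[]]$Names)
    foreach ($name in $Names) {
        $row    = [ordered]@{ File = $name }
        $hashes = @()
        foreach ($label in $Directories.Keys) {
            $path = Join-Path -Path $Directories[$label] -ChildPath $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                # The hash is used only for comparison and is never printed,
                # because one of these files is the node secret.
                $hashes += (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                $row[$label] = (Get-Item -LiteralPath $path -Force).LastWriteTime
            } else {
                $row[$label] = 'missing'
            }
        }
        # Classify the pair: absent, present in one place only, different, or identical.
        if ($hashes.Count -eq 0) {
            $status = 'absent in both'
        } elseif ($hashes.Count -lt $Directories.Count) {
            $status = 'only in one location'
        } elseif (@($hashes | Select-Object -Unique).Count -gt 1) {
            $status = 'content differs'
        } else {
            $status = 'identical'
        }
        $row['Status'] = $status
        [PSCustomObject]$row
    }
}

Compare-AgentFiles -Directories $Dirs -Names $Files | Format-Table -AutoSize
```

A row reading "only in one location" or "content differs" for the node secret file matches the condition described in the note under step 11A.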