000032891 - Service account is no longer able to authenticate to RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jul 25, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000032891
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
The service account that accesses network equipment using a fixed passcode stopped working.  The following error is reported:

Authentication method failed

User-added image
CausePossible causes for the authentication failure are:
  • This is a new service account and the passcode needs to be changed after the initial setup.
  • This is an existing account that has stopped working, due to a token policy that requires a periodic change of the fixed passcode.

If this is a new service account 

After the passcode has been initially set for the service account from the Authentication Settings option on the Security Console, the administrator must

  1. Go to the Self-Service Console (e.g., https://FQDN:7004/console-selfservice).
  2. Log in with that account. 
  3. At login, he will be prompted to enter a new passcode.
  4. The service account should work after the new passcode has been set.

This is an existing account that has stopped working

  1. In the Security Console select Authentication > Policies > Token Policies > Manage Existing.
  2. Scroll down to the section labeled Fixed Passcode Lifetime.
  3. If the Require periodic changes box is checked, you may uncheck it to avoid this issue happening in the future.
  4. If you choose to keep the setting, then go to the Self-Service Console to set a new passcode as explained above.