000032891 - Service account is no longer able to authenticate to the Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032891
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
IssueService account that accesses network equipment using a fixed passcode stopped working.
User-added image
CausePossible causes:
1-This is a new service account and the passcode need to be changed after the initial set up.
2-This is an existing account that has stopped working, due to a Token policy that requires a periodic change of the fixed passcode.
Resolution1st Cause:
-After the passcode has been initially set for the service account from the authentication settings on the security console, the admin has to go to the self-service console: https://FQDN:7004/console-selfservice and log in with that account, then he will be prompted to enter a new passcode. The service account should work fine after the new passcode has been set.
2nd Cause:
-When you go to Security Console> Authentication tab > Policies > Token Policies > Manage existing.
-Scroll down to the "Fixed Passcode Lifetime" section.
-If the "Require periodic changes" box is checked, you may uncheck it to avoid this issue happening in the future.
-If you choose to keep it, then go to the self-service console to set a new passcode as explained above.