000011938 - RSA RADIUS fails to configure on Microsoft Windows 2008 R2

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011938
Applies ToGroup Policy Object
 Microsoft Windows 2008 R2
RSA Authentication Manager 7.1 Service Pack 4
IssueRadius configuration fails on Windows 2008R2
The problem arises when Group Policy Objects (GPO) are applied.
Cannot configure RSA Radius on Microsoft Windows 2008 R2. Operations Console - Deployment Configuration - RADIUS - Configure Server.  There was a problem processing your request.  unknown system error.
<RSA_HOME>\radiusoc\ only has two files after installation
 Unable to complete Authentication Manager configuration successfully
ProductException: (error code = 601; message="Failure executing E:\Program Files\RSA Security\RSA Authentication Manager/config/configUtil.cmd, return code=1")
CauseRSA investigation has narrowed it down to: Network security : LAN Manager authentication level  Send NTLMv2 response only. Refuse LM & NTLM
RSA RADIUS will not configure correctly where the Group Policy Object has been applied.
ResolutionIf the specific GPO fix does not work, other options are to Install AM 7.1 as a Domain Admin and not a local Administrator, or to remove the AM Server from the Domain so no GPOs apply

A work around would be to remove the Group Policy Object prior to installation of the RSA Authentication Manager 7.1 software or modify the Group Policy Object using the following instructions:



As an administrative user, logon to the Microsoft Windows 2008 R2 server


Click Start - Programs


Select Administrative Tools


Select Local Security Policy


In the left-hand pane; select Local Policies under Security Settings


In the left-hand pane; select Security Options under Local Policies


In the right-hand pane scroll down to Network Security: LAN Manager authentication level


NOTE: The security setting is either ?Not Defined? by default or configured for something else


Right-click Network Security: LAN Manager authentication level and select Properties


Click the down-arrow and select Send LM & NTLM ? use NTLMv2 session security if negotiatedand click Applyto save the change


Click OK to return to the Local Security Policy application


To close the Local Security Policy application, select File and Exit.  May need to reboot.


Should you still experience a problem configuring RSA RADIUS where the RSA Authentication Manager 7.1 Service Pack 4 software has been installed Microsoft Windows 2008 R2, Reboot and stop and Start Services, as this could take a while, then after that please contact RSA Customer Support.

Legacy Article IDa56646