|Applies To||RSA Authentication Manager 7.1|
RSA Appliance 3.0
|Issue||User ID = SYSTEM|
Authentication agent not found
Time Activity Key Description Reason User Agent Server Node Client
ID IP IP
2010-12-13 Lookup Authentication Lookup authentication agent by IP address Authentication agent not SYSTEM N/A 10.32.28.52 N/A
08:32:39.547 agent ?220.127.116.11? found
The Agent and Client IP fields are listed as "N/A" and the User ID is listed as "SYSTEM" , however the description field correctly identifies that an authentication has been sent from a device with an IP address of 18.104.22.168.
An authentication has been sent from a device where the Source IP address (which could be seen in a network trace) cannot be found as an IP address of any known Authentication Agent in the RSA Authentication Manager 7.1 system (the system will look both at the IP address field for the agent and any Alternate IP Addresses listed.
The User ID field cannot be interpreted (as the data packet is encrypted) and so shows up as "SYSTEM"
The first thing to consider is whether the IP address ("22.214.171.124" in this example) is a valid address, this might be a hack attempt from a device which should not be on your network!
If the address is valid then you should either add a new Authentication Agent to your RSA Authentication Manager 7.1 or identify that it should be an existing agent but is coming from a different IP address than what was expected (this maybe due to DHCP, someone manually changing and IP address, DNS having a wrong entry or maybe just a mis-type somewhere)
|Legacy Article ID||a53184|