|Applies To||RSA Authentication Agent 6.0.2|
Microsoft Windows Server 2003
Domain Authentication Client (DAC)
|Issue||Authentication via proxy on Domain Controller fails with error: "Authentication failed due to network connection failure (-1073731410)" in RSA Authentication Agent|
Error: "Rootcert subject name does not match the server issuer name" in aceclient.log
|Cause||The root certificate in Microsoft Windows' /system32/ folder does not match the root certificate used to sign the server certificate|
|Resolution||If you cannot locate the original root certificate, create a new root certificate and new server certificates for all Domain Controllers (DC):|
1. Copy the sdroot.crt to Microsoft Windows' /system32/ folder and reboot the DC. Make sure you use the same sdroot.crt file used to create the server certificate.
2. Restart the DC and test SecurID authentication via proxy again
3 If authentication is successful, copy the sdroot.crt file to all DC's and Domain Authentication Client (DAC) machines
4. Restart each server and test the authentication via proxy. Test the SecurID login from DAC machines.
|Legacy Article ID||a31262|