000022537 - Authentication via proxy on Domain Controller fails with error: 'Authentication failed due to network connection failure (-1073731410)' in RSA Authentication Agent

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022537

Applies To: RSA Authentication Agent 6.0.2
Microsoft Windows Server 2003
Domain Authentication Client (DAC)

Issue: Authentication via proxy on Domain Controller fails with error: "Authentication failed due to network connection failure (-1073731410)" in RSA Authentication Agent
Error: "Rootcert subject name does not match the server issuer name" in aceclient.log

Cause: The root certificate in Microsoft Windows' /system32/ folder does not match the root certificate used to sign the server certificate

Resolution: If you cannot locate the original root certificate, create a new root certificate and new server certificates for all Domain Controllers (DC):

1. Copy the sdroot.crt to Microsoft Windows' /system32/ folder and reboot the DC. Make sure you use the same sdroot.crt file used to create the server certificate.

2. Restart the DC and test SecurID authentication via proxy again.

3. If authentication is successful, copy the sdroot.crt file to all DCs and Domain Authentication Client (DAC) machines.

4. Restart each server and test the authentication via proxy. Test the SecurID login from DAC machines.

Legacy Article ID: a31262
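
A pre-check for the mismatch named in the Cause, as an added example that is not RSA tooling or part of the original article: it compares the subject of the sdroot.crt in system32 with the issuer of a server certificate before you reboot a DC. It assumes both files are standard X.509 certificates that .NET can load; the server certificate path is a placeholder, and `Get-CertFromFile` and `Test-RootMatchesIssuer` are hypothetical helper names.

```powershell
# Added example (not RSA code). Assumes both files are standard X.509 certificates.
param(
    [string]$RootCertPath   = "$env:SystemRoot\system32\sdroot.crt",
    [string]$ServerCertPath = 'C:\path\to\server-certificate.cer'   # placeholder path
)

# Hypothetical helper: load a certificate file, failing clearly if it is missing.
function Get-CertFromFile([string]$Path) {
    if (-not [System.IO.File]::Exists($Path)) {
        throw "Certificate file not found: $Path"
    }
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
}

# Hypothetical helper: compare the DER-encoded names byte for byte, so that
# differences in how a name is displayed cannot hide a real mismatch.
function Test-RootMatchesIssuer($Root, $Server) {
    $rootSubject  = [System.BitConverter]::ToString($Root.SubjectName.RawData)
    $serverIssuer = [System.BitConverter]::ToString($Server.IssuerName.RawData)
    return ($rootSubject -eq $serverIssuer)
}

$root   = Get-CertFromFile $RootCertPath
$server = Get-CertFromFile $ServerCertPath

"Root subject    : {0}" -f $root.Subject
"Server issuer   : {0}" -f $server.Issuer
# Record the thumbprint and compare it on every machine that received sdroot.crt.
"Root thumbprint : {0}" -f $root.Thumbprint

if ($root.Subject -ne $root.Issuer) {
    "WARNING: the file at $RootCertPath is not self-signed; check that it is the root certificate."
}

if (Test-RootMatchesIssuer $root $server) {
    "MATCH: root certificate subject equals the server certificate issuer."
} else {
    "MISMATCH: root subject differs from server issuer, the condition the aceclient.log error describes."
    exit 1
}
```

A name match only shows the two files are consistent by name; the thumbprint comparison is what confirms that every machine holds the same sdroot.crt file.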
