|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1
Platform: Microsoft Windows
|Issue||Setting up RSA Authentication Agent 7.2.1 for Windows to protect a Microsoft Windows 2012 R2 server hosting a third-party product that sends native SecurID authentications to an Authentication Manager deployment is failing with Node Verification Mismatch messages being displayed in the Real-Time Authentication Activity monitor.|
|Cause||By default the User Access Control (UAC) is enabled on the Microsoft Windows 2012 R2 server and this is interfering with the copy task of the node secret.|
|Resolution||Perform the following steps to deactivate UAC on the Microsoft Windows 2012 server and setup the node secrets appropriately for the RSA Authentication Agent for Windows and the third-party product.|
If the deployment is using third party authentication devices such as Check Point, Cisco, SonicWALL, etc., please refer to the third-party documentation on how to clear the node secret from the third-party product.
Performing this step will require a system restart.
a. Use the Node Secret Upload utility (agent_nsload.exe) to move the node secret via command prompt. The syntax would be:
agent_nsload -c "C:\Windows\system32\securid" "C:\Program Files\Common Files\RSA Shared\Auth Data"
Chapter 3: Installing RSA Authentication Agent (page 47) covers the usage of the Node Secret Load utility in the RSA Authentication Agent 7.2 Installation and Administration Guide.
b. It is common that applications running on Windows 2012 to be 64-bit so copy the node secret from \SysWOW64 to \Auth Data directory where applicable with the command:
agent_nsload -c "C:\Windows\SysWOW64\securid" "C:\Program Files\Common Files\RSA Shared\Auth Data"
|Notes||The am-extras-126.96.36.199.0.zip file (found on Download Central where RSA Authentication Manager 8.1 software is obtainable) provides agent_nsload.exe in the Node Secret Utility folder.|
Also, the RSA Authentication Agent 7.2.1 for Windows software provides the Node Secret Upload utility (agent_nsload.exe) file.