000031171 - Authentication Manager Node secret mismatch on TMG or UAG

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031171
Applies To

RSA Product Set: SecurID


RSA Product/Service Type: Microsoft UAG and TMG

Issue
  • Node Secret Mismatch
  • Authentication method failed
  • Node verification failed
CauseNode secret is not created on Microsoft TMG or UAG
ResolutionManually create the Node Secret by using the SDTEST.EXE utility. This method assumes that there is currently no node secret file (securid) located in <windir>\system32…and you DO have a valid Configuration File (SDCONF.REC) located in <windir>\system32
Run the SDTEST.EXE utility. This utility allows you test user authentication from an Authentication Agent to the RSA Authentication Manager Server. Upon a successful user authentication, the Node Secret file (securid) will be created in the <windir>\system32 folder.

clip_image006
Copy SECURID from <windir>\system32 to …\Microsoft ISA Server\sdconfig
 

Additional Notes on using the SDTEST.EXE utility…


  • The SDTEST Authentication Utility is used to verify that a computer running TMG Server can successfully authenticate, using valid credentials, to the RSA Authentication Manager. Again, note that SDTEST.EXE requires the SDCONF.REC configuration file to be located in the <win32>\system32 folder to run and test authentication successfully.
  • You may need to run SDTEST.EXE as Administrator if your logged in account does not have the proper permissions to write the file securid to the system32 folder.
  • If this is the first time authenticating to the RSA server with this user, you may be prompted to create a PIN. If so, enter a new PIN number. When a new PIN is created, the RSA authentication Passcode for this user will now be:
    <PIN><passcode displayed on the token>

  • The SDTEST.EXE tool (RSA Test Authentication Utility) is available in the TMG 2010 Tools & Software Development Kit available here:

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11183


On the above page, download SdTestPack.exe which contains the utility.

Attachments

    Outcomes