|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1
Platform: Windows 2008, Windows 2012
- RSA Authentication Agent 7.2.1 for Windows displays an incorrect number of failed attempts on the interactive log on screen.
- The agent does not display the correct number of failed attempts.
- It displays zero as the number of failed log in attempts no matter how many times user fails to logon.
- Display information about previous log on attempts doesn’t work when RSA Agent Installed.
- It does not matter whether Windows Password Integration is enabled or disabled.
- The result is that the RSA agent changes the default Windows logon behavior and fails to provide correct interactive log on information even though there were unsuccessful attempts.
|Cause||The displaying of number of failed log in attempts during the log in process is a new feature and it was introduced in Windows 2008 and Windows 2012. Microsoft has introduced this new functionality and it requires making new calls to get this data.|
This issue has been reported in defect AAWIN-2148.
|Resolution||This issue has been resolved in RSA Authentication Agent 7.2.1 . Contact RSA Technical Support to obtain the most recent build for the agent.|
Following is a description of the two modes of agent log on processing:
- The Do Not Preserve History (default) mode enables display of descriptive authentication failure messages to users during logon but does not preserve failed authentication history for display at successful logon, when Windows is configured to show last interactive logon information.
The two modes of agent execution are configured by a new GPO template called RSADesktop_PreserveFailedAuthHistory.adm. This template is provided in the Policy Templates portion of the kit. Install the new GPO template using the gpedit.msc.
- The Preserve History mode returns a generic authentication failure message in response to a failed authentication attempt during log on but correctly shows the number of failed authentication attempts within Windows last interactive log on information.
Invoke the GPO for configuring the agent. The presentation of mode choices are:
To direct the agent to run in default mode, select Do Not Preserve Auth History.
- Do Not Preserve Auth History
- Preserve History
To correct the behavior described in the JIRA defect select Preserve History.
Be sure to click Apply for your selections to take effect.