000029329 - RSA Agent 7.2.1 for Windows displays incorrect failed attempts on interactive log on screen

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000029329
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1
Platform: Windows 2008
Platform (Other): Windows 2012
Issue: RSA Agent 7.2.1 for Windows displays an incorrect number of failed attempts on the interactive log on screen. It displays zero failed log on attempts no matter how many times the user fails to log on. Displaying information about previous log on attempts does not work when the RSA Agent is installed.
It does not matter whether Password integration is enabled or disabled.

Result: RSA Agent changes the default Windows log on behavior and fails to provide correct interactive log on information even though there were unsuccessful attempts.
Cause: Displaying the number of failed log on attempts during the log on process is a new feature that was introduced in Windows 2008 and Windows 2012. Microsoft introduced this functionality, and it requires making new calls to get this data.
This issue has been reported in defect AAWIN-2148.
Resolution: This issue has been resolved in build 72 for RSA Authentication Agent 7.2.1. Contact RSA Technical Support to obtain the most recent build for Windows Agent.
Description of the two modes of agent log on processing:
   The Do Not Preserve History (default) mode enables display of
   descriptive authentication failure messages to users during logon
   but does not preserve failed authentication history for display at
   successful logon, when Windows is configured to show last interactive
   logon information.
   The Preserve History mode returns a generic authentication failure
   message in response to a failed authentication attempt during log on
   but correctly shows the number of failed authentication attempts
   within Windows last interactive log on information.
   The two modes of agent execution are configured by a new GPO template.
   This template is provided in the "Policy Templates" portion of the kit.
   Install the new GPO template with "gpedit.msc".
   Invoke the GPO for configuring our Agent. The following choices for
   Mode are presented for the setting:
   Preserve Failed Auth History:
   1. Do Not Preserve Auth History
   2. Preserve History
   To direct the agent to run in default mode:
     Select "Do Not Preserve Auth History" 
   To correct the behavior described in the Jira defect:
     Select "Preserve History"
   Be sure to "Apply" selections.