000029329 - RSA Authentication Agent 7.2.1 for Windows displays incorrect number of failed attempts on interactive logon screen

Document created by RSA Customer Support Employee on Jun 15, 2016. Last modified by RSA Customer Support on Feb 19, 2019.
Version 3

Article Content

Article Number: 000029329
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1
Platform: Windows 2008, Windows 2012
  • RSA Authentication Agent 7.2.1 for Windows displays an incorrect number of failed attempts on the interactive logon screen.
  • The agent does not display the correct number of failed attempts.
  • It displays zero as the number of failed logon attempts no matter how many times the user fails to log on.
  • Displaying information about previous logon attempts does not work when the RSA agent is installed.
  • It does not matter whether Windows Password Integration is enabled or disabled.
  • As a result, the RSA agent changes the default Windows logon behavior and fails to provide correct interactive logon information even though there were unsuccessful attempts.
Cause
Displaying the number of failed logon attempts during the logon process is a new feature that was introduced in Windows 2008 and Windows 2012. Microsoft introduced this functionality, and it requires making new calls to get this data.

This issue has been reported in defect AAWIN-2148.
Resolution
This issue has been resolved in RSA Authentication Agent 7.2.1 [72]. Contact RSA Technical Support to obtain the most recent build for the agent.

Following is a description of the two modes of agent logon processing:
  • The Do Not Preserve History (default) mode enables display of descriptive authentication failure messages to users during logon but does not preserve failed authentication history for display at successful logon, when Windows is configured to show last interactive logon information.

  • The Preserve History mode returns a generic authentication failure message in response to a failed authentication attempt during logon but correctly shows the number of failed authentication attempts within Windows last interactive logon information.
The two modes of agent execution are configured by a new GPO template called RSADesktop_PreserveFailedAuthHistory.adm. This template is provided in the Policy Templates portion of the kit. Install the new GPO template using gpedit.msc.
Invoke the GPO for configuring the agent. The mode choices presented are:
  1. Do Not Preserve Auth History
  2. Preserve History
To direct the agent to run in default mode, select Do Not Preserve Auth History.
To correct the behavior described in the JIRA defect, select Preserve History.

Be sure to click Apply for your selections to take effect.