|Applies To||RSA ACE/Agent 4.4 for Windows NT (no longer supported as of 3-3-2003)|
Microsoft Windows NT 4.0
Microsoft Windows NT SP6
|Issue||Network Access Protection error: "possible configuration error."|
Users who have already successfully SecurID-authenticated are getting an error dialog box for no apparent reason: "Connection attempt failed. Possible configuration error. Please contact your system administrator."
error: "Connection attempt failed. Possible configuration error. Please contact your system administrator."
error: "possible configuration error."
|Cause||The SSL handshake does not complete. This can happen in a few different scenarios:|
1. Network Communications fail such that the initial connection is made but the
handshake fails to complete, for example, the ack is never received, etc...
2. The root certificate on the end user machine does not match the root certificate
from which the server certificate for that DC was created.
|Resolution||Once network communications are functioning properly, there are no more "possible configuration errors". For the second cause you would have to find the matching sdroot.crt and put that in place on the end user machine in the folder \winnt\system32\aceclnt.|
Stop and start the RSA Network Authentication service from the services panel, in order for the change to take effect.
If necessary, a new root certificate and server certificate may need to be created.
Distribute the new sdroot.crt to all end user machines, and then stop and start the service.
|Legacy Article ID||a516|