000018464 - Network Access Protection error: 'possible configuration error.'

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018464
Applies ToRSA ACE/Agent 4.4 for Windows NT (no longer supported as of 3-3-2003)
Microsoft Windows NT 4.0
Microsoft Windows NT SP6
IssueNetwork Access Protection error: "possible configuration error."
Users who have already successfully SecurID-authenticated are getting an error dialog box for no apparent reason: "Connection attempt failed. Possible configuration error. Please contact your system administrator."
error: "Connection attempt failed. Possible configuration error. Please contact your system administrator."     
error: "possible configuration error."
CauseThe SSL handshake does not complete. This can happen in a few different scenarios:

1. Network Communications fail such that the initial connection is made but the
   handshake fails to complete, for example, the ack is never received, etc...

2. The root certificate on the end user machine does not match the root certificate
   from which the server certificate for that DC was created.
ResolutionOnce network communications are functioning properly, there are no more "possible configuration errors". For the second cause you would have to find the matching sdroot.crt and put that in place on the end user machine in the folder \winnt\system32\aceclnt.

Stop and  start the RSA Network Authentication service from the services panel, in order for the change to take effect.

If necessary, a new root certificate and server certificate may need to be created.
Distribute the new sdroot.crt to all end user machines, and then stop and start the service.
Legacy Article IDa516

Attachments

    Outcomes