|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: RSA Authentication Agent for Windows
RSA Version/Condition: 7.0
O/S Version: Windows 7
|Issue||The following error appears when attempting to authenticate with the RSA AUthentication Agent 7.0 for Windows installed on Windows 7:|
Logon failure. User account restriction. Possible reasons are blank passwords are not allowed. Logon hour restriction. OR a policy restriction has been enforced.
When the above error appears, the login information is not written to the Event Viewer's security.log.
|Workaround||As a workaround:|
1. Create a domain group called windows7 group on the DC.
2. Add the user to the group.
3. Set challenge on the agent for the domain group windows7.
4. The user with SecurID can log on to the domain from the Windows 7 machine.
Note: This will fail if the user is a member of a group which is set to SecurID challenge on the DC because the login process is expecting a session certificate from Windows 7 which does not exist.
A SecurCare note about discontinuing support for Domain Authentication was sent in 2007 and reposted on 12 June 2008
1. Uninstall the RSA Authentication Agent from the domain controller.
2. Install a Local Authentication Client (LAC) component from RSA Authentication Agent 6.1.3 on Windows 2003 domain controller.
3. Install RSA Authentication Agent 7.0.x on Windows 7.
|Legacy Article ID||a58302|