|Applies To||RSA Authentication Manager 6.x|
RSA Authentication Agent 6.x
|Issue||Error: "No User Password in DB" on log monitor with RSA Authentication Manager|
Error: "Agent Request for Passwd denied" on log monitor
Error: "Offline-Auth Request Granted" on log monitor
Password integration is not working. Windows password is not being updated in ACE/Server.
|Resolution||Password update in RSA Authentication Manager can be forced by changing the user password. On Authentication Manager administration, verify if the Agent host is enabled with Windows password integration. Also, verify if the password integration is enabled at system level in 'Edit system parameters' window by navigating to ACE/Server Database Administration --> System --> Edit System parameters --> Check the box "Enable Windows password integration at system level".|
Refer to the RSA Authentication Manager 6.0 Administration Guide, page 59-61 for details on Offline Authentication and Password Integration
On the client machine, verify if the challenge is set to a group, and make sure the user in question is a member of that group.
Then, force the Password update in ACE/Server database by performing the following steps:
1. Assign a token to user
2. Perform test authentication using that token
3. Log in as user with that token
4. You will then be prompted for Windows password. Type the Windows password. Authentication should be successful.
5. If you are successful, ACE/Server log shows "No user password in DB" message on the log monitor
6. Ctrl-Alt-Del --> Select Change Password. Change the user password
7. Notice the ACE/Server log - "Password updated". The message will be preceded by the IP address of the Agent host machine; verify that it is correct.
8. Log off and log in again as the same user. You will be prompted with SecurID only, and you will be able to login without typing Windows password.
|Legacy Article ID||a25243|