000024600 - Resolve logon errors from Quick Admin or Remote Admin

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024600
Applies ToRSA ACE/Server 5.2
RSA Authentication Manager 6.0
Quick Admin
Remote Administration
Unix
Windows
Appliance 2.0.x
IssueResolve logon errors from Quick Admin or Remote Admin
Error: "User is currently authenticating from another process" in RSA ACE/Server Remote Administration
Error: " Sd_AdmLogin Error User is currently authenticating from another process. Error code: 2000." in Quick Admin
Error: "SIMULTANEOUS AUTH detected" followed by "PASSCODE REUSE ATTACK detected" in ACE/Server log monitor
Administrators using RSA ACE/Server Remote Administration or Quick Admin are frequently locked out for 20 minutes when they try to log in
CauseWhen an administrator tries to log in and fails, the user's token record is locked for an interval of time (a maximum of 20 minutes based on the type of token). Thus, when the user tries to authenticate the next time (within the maximum 20-minute timeframe), they receive an error message that the user is already authenticating from another process. This occurs because there were some places in the database where the User's Auth Reservation window is not cleared. This symptom can be experienced using Remote Administration and Quick Admin as well.
Resolution

This issue has been corrected in a hot fix for RSA ACE/Server & RSA Authentication Manager. Contact RSA Security Customer Support to obtain the following hot fixes:

- RSA ACE/Server 5.2: defect ID # tst00043002

- RSA Authentication Manager 6.0.x - defect ID # B16608

-RSA Authentication Manager 6.1- This version already has the fix built into it. It requires only below described environmental variable.

The hot fix consists a file sdadmind, which should be replaced in ace/prog directory on primary and replica servers. The environmental variable can be set in a startup script for RSA Authentication Manager.

On Unix:

cd ace/prog
./sdsetup -config (This will correct the file permissions.)

Set the environment variable "RSA_MAX_AUTHRES_WINDOW" and a value 2.

RSA_MAX_AUTHRES_WINDOW=2

This requires the stopping and starting ACE/Server services.

 

On Windows:

Right click "My Computer" > properties > Advanced

under "Startup and Recovery" select "Environment Variables"

under "System variables" select "New"

for "Variable name" enter RSA_MAX_AUTHRES_WINDOW

for "Variable value" enter 2

click ok

This requires the stopping and starting ACE/Server services.

Legacy Article IDa27397

Attachments

    Outcomes