000025865 - Cannot download offline authentication on some DC machines

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025865
Applies ToRSA Authentication Agent 6.1.2
Microsoft Windows 2003 Server
IssueCannot download offline authentication on some DC machines

 

The Agent trace below indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting.

16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(229): DASvcDLReceiver::run() - received a OP_USER_SECRET
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(571): DASvcDLReceiver::receiveUserSecret - entry
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(630): DASvcDLReceiver::receiveUserSecret - LAC or DAC receiving user secret?
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=84 (DPS_OP_USER_SECRET)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(210): DASvcDLReceiver::run() - creating new op to read
16:41:46 Thr: 0x9d0 dps_dl.cpp(70): DpsDL::DpsDL network vcheck(1).
16:41:46 Thr: 0x9d0 dps_dl.cpp(71): DpsDL::DpsDL network recvTimeoutSecs(120).
16:41:46 Thr: 0x9d0 dps_dl.cpp(283): DpsDL::startDeserialization check version value1.
16:41:46 Thr: 0x9d0 dps_dl.cpp(310): DpsDL::startDeserialization check version 1.
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(28): DpsDLRequestOp::DpsDLRequestOp() - entering
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(33): DpsDLRequestOp::DpsDLRequestOp() - received Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(214): DASvcDLReceiver::run() about to switch on op type
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(259): DASvcDLReceiver::run() - received unexpected OP
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(289): DASvcDLReceiver::run() - returning DA_PROTOCOL_ERROR (17)


The Agent trace above indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting.  The AuthMgr will only do this if it thinks the Agent host is a DAC or DAH.  It is possible that the LAC/DC must have been converted from a DAC/DAH.

This has been part of the release notes in cumulative hot fix 138. This has been described as BugID 55499.  When you convert your deployment from the Domain Authentication solution to the Local Authentication solution, custom settings, such as the location of the offline days file folder, are reverted to default settings. After replacing the Domain Authentication Server component with the Local Authentication client component, users are unable to download offline days.


To resolve this issue:

1. Remove the Agent Host record for the domain controller from the Authentication Manager database.
2. Add the Agent host it manually  ( or by auto registration ) as a Net OS Agent.
3. Use the RSA Security Center on the domain controller to clear the Node Secret on the domain controller.
4. Perform test authentication. Offline data will download immediately.
 

 

Legacy Article IDa37870

Attachments

    Outcomes