000016522 - IP address override grayed out on auto-registered agents; Offline data downloads fail

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000016522
Applies To: Windows 7 agent
Does the IP shown in the IP address override actually matter? Yes. For initial authentication it is used in the encryption algorithm, so it should match the Authentication Agent Primary Address. For Agent Auto-Registration it controls which IP is presented to Authentication Manager.

Let me explain in more detail: 
- As users move around they will connect to the network and obtain different IP addresses from DHCP.
- Our DNS server manages these network changes and matches the device ID to the IP address.
- In some cases, when the PC connects to a different network (obtaining a different IP address), RSA will not recognize the change. For example, if a laptop is connected to the network via VPN it will obtain an address like 142.5.213.10. If it then connects here at Spruce Grove it will then obtain an address like 192.168.37.20. However, in RSA Client the IP address will remain stuck at 142.5.213.10, therefore if you try authenticating to the RSA server it will fail.
- As I indicated earlier, with RSA 6.13 for XP you could go into the setting and change the IP to be the correct current IP address.
- I should point out that all other network parameters are working, i.e. I can ping the WS with the DNS name, I can remote into the WS with support account, just RSA authentication fails due to incorrectly determined network address.
Issue: IP address override setting in the RSA Windows Agent Security Center or Control Center is grayed out.
Offline data downloads fail.
Cause: Windows Agents were configured with just a short name, so they auto-registered as AM agents with the short name, but DNS name resolution adds a DNS suffix or domain information to create a Fully Qualified Domain Name (FQDN). This causes problems when DHCP assigns a different IP address.
The IP address override is grayed out because the Agent is using Agent Auto-Registration. You do not want something hardcoded here that differs from the DHCP address, so the Agent software updates this value and prevents even administrators from changing it.
Resolution: An alternate "fix" or workaround: add the correct domain suffix to this workstation, because it has been configured by short name but DNS has the FQDN. When the IP address changes, the agent requests to register by short name, but name resolution is tied to the FQDN.
Legacy Article ID: a62706
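
An added example (not RSA code and not part of the original article): a small Python check that compares agent records as registered with what DNS returns, flagging the short-name/FQDN mismatch and the stale address described under Cause. The record tuples, host names and the `corp.example` domain are constructed; how agent records are obtained from Authentication Manager is not covered by the article and is assumed.

```python
import socket

def resolve(name):
    """Return (canonical_name, [IPv4 addresses]) from the system resolver."""
    canonical, _aliases, addrs = socket.gethostbyname_ex(name)
    return canonical, addrs

def audit_agent(registered_name, registered_ip, resolver=resolve):
    """Compare one agent record (name and IP as registered) with DNS.

    Returns a list of finding strings; an empty list means name and IP agree.
    """
    try:
        dns_name, dns_ips = resolver(registered_name)
    except OSError as exc:  # socket.gaierror and herror are OSError subclasses
        return [f"unresolvable: {exc}"]
    findings = []
    reg, dns = registered_name.lower().rstrip("."), dns_name.lower().rstrip(".")
    # Short name on the agent record, FQDN in DNS: the mismatch named in Cause.
    if "." not in reg and dns.startswith(reg + "."):
        findings.append(f"short-name: registered as '{reg}', DNS has '{dns}'")
    elif reg != dns:
        findings.append(f"name-mismatch: registered '{reg}', DNS has '{dns}'")
    # Registered address is no longer the one DNS tracks after a DHCP change.
    if registered_ip not in dns_ips:
        findings.append(
            f"stale-ip: registered {registered_ip}, DNS has {', '.join(dns_ips)}")
    return findings

# Constructed sample data: host names and the domain are made up; the two
# addresses are the ones used in the article's VPN / office example.
SAMPLE_DNS = {
    "ws-0142": ("ws-0142.corp.example", ["192.168.37.20"]),
    "ws-0007.corp.example": ("ws-0007.corp.example", ["192.168.37.31"]),
}
SAMPLE_AGENTS = [
    ("ws-0142", "142.5.213.10"),                # short name, old VPN address
    ("ws-0007.corp.example", "192.168.37.31"),  # FQDN, current address
]

def sample_resolver(name):
    """Offline stand-in for resolve(), backed by SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[name]

def run_sample():
    return {n: audit_agent(n, ip, sample_resolver) for n, ip in SAMPLE_AGENTS}

if __name__ == "__main__":
    for name, found in run_sample().items():
        print(name, "->", found or "ok")
```

Calling `audit_agent(name, ip)` without the third argument uses the live system resolver instead of the sample table.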
