000022997 - Error: 'Invalid Message-Authenticator' in RSA RADIUS Server 6.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022997
Applies ToRSA Authentication Manager 6.1
RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS
EAP-TTLS
IssueError: "Invalid Message-Authenticator" in RSA RADIUS Server 6.1
RSA RADIUS Server debug logs shows the following error:

1/2/2005 15:34:52 Parsing request

1/2/2005 15:34:52 Invalid Message-Authenticator, discarding.

1/2/2005 15:34:52 Discarding invalid request
EAP authentication fails
CauseThis error message normally indicates there is mismatch of the RADIUS Shared Secret between RADIUS Server and RADIUS Client
ResolutionTo correct this issue, verify that the shared secret matches on both the RSA RADIUS Server and the RADIUS Client. On the RSA RADIUS Server, go to RSA Authentication Manager Remote Mode and then to "RADIUS > Manage RADIUS Server"; this will bring up the RADIUS Administration program. Next, go to "Clients" and find the client you are attempting to authenticate through and double click it. In this window, there is a box for the Shared Secret. For troubleshooting, choose a simple Shared Secret, such as "1234". Once EAP authentication is working with the simple secret, you can go back and choose a more complex string for the Shared Secret.

Please refer to your vendor's documentation on how to set the RADIUS Shared Secret on your RADIUS client. This must match the shared secret stored on the RSA RADIUS Server.
Legacy Article IDa29106

Attachments

    Outcomes