000022647 - How to allow devices on network with 'Blank Machine Names' to be authenticated by Microsoft Windows when RSA SecurID is not enabled

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022647
Applies ToRSA Authentication Agent 6.1
Domain Authentication Host (DAH)
Microsoft Internet Security and Acceleration (ISA) Server
RSA SecurID for Windows domain authentication challenge is set to OFF
IssueHow to allow devices on network with "Blank Machine Names" to be authenticated by Microsoft Windows when RSA SecurID is not enabled
Error: "Agent Debug:  File:SUBAUTH.cpp Line:511 # Access denied. Workstation is empty; returning STATUS_INVALID_WORKSTATION"
ResolutionThis scenario is when installing the Domain Authentication Host software on domain controllers as part of a phased rollout. Once the RSA Domain Authentication Host (DAH) application is installed, any device on the network that performs a Microsoft Windows Authentication, but leaves its machine name blank will be denied by SecurID. Perform the steps below to allow this authentication:

Edit Settings on the Authentication Agent 6.1 on the Domain Controllers

1. Temporarily Enabled RSA Challenge by navigating to RSA Security Center > Configuration > Domain > Server > Challenge

2. Edit Advanced Domain Settings, and enable "Ignore blank name authentication requests

3. Disable the challenge in step one
Legacy Article IDa29784