000033242 - Offline days not downloading for RSA Authentication Agent 7.3.x for Windows after enabling Offline Authentication policy in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Mar 17, 2017Last modified by RSA Customer Support on Jan 6, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033242
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.3.x and above

 
Issue
  • Offline days are not downloading to the agent after enabling the Offline Authentication policy in RSA Authentication Manager 8.1.
  • The Authentication Activity Monitor is displaying the following error message:

Offline Authentication Data Download Failed


  • The activity key and description of this failed message are:

Offline Authentication Data Download Failed.

Offline Authentication data download requested by user <user ID> from agent <agent name> using token <token serial number> failed with error message "Failed to send day data."


User-added image


  • On the workstation where the authentication agent installed, the RSA Control Center displays the message:

You are not currently authorized for RSA SecurID offline authentication.

User-added image
CauseThese errors occur if
  • The Minimum Passcode Length does not match the value in the Offline Authentication Policy settings.
  • The appropriate authenticators have not been selected.
  • The appropriate code types have not been selected.
Resolution
  1. Login to the RSA Authentication Manager 8.1 primary server’s Security Console as a super admin user.
  2. Select Authentication > Policies > Offline Authentication Policy > Manage Existing.
  3. Determine if the Offline Authentication Policy which has been selected is the default policy.
  4. Edit the default policy by clicking on the drop down next to the policy and clicking Edit.
  5. Under Offline Authentication Security Settings, select the following options:
    1. Set the Minimum Passcode Length to 8 characters in length.
    2. Under Allow Offline Authentication Using, select the following options
       
      1. PINPad or Software Token
      2. PIN-less Token (doesn't require SecurID PIN)
       
  6. Under Offline Emergency Codes, ensure to select the below options in the Code Types:
    1. Offline Emergency Tokencodes
    2. Offline Emergency Passcodes
  7. Other settings can be left as the defaults or modified based on the requirement.
  8. Click Save.
  9. Try to authenticate and the offline days will be downloaded successfully

Attachments

    Outcomes