000035006 - Node secret mismatch when testing authentication of RSA Authentication Agent for Web for IIS with RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 6, 2017Last modified by RSA Customer Support Employee on Jun 6, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035006
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Web IIS
RSA Version/Condition: 7.x, 8.x
O/S Version: Windows Server 2008, R2, 2012, 2012 R2
 
IssueRunning the agent interface as an admin, after using Authentication Agent for Web IIS from the agent Control Panel to generate the node secret the following error occurs when testing authentication from the browser>:
 
Node secret mismatch
CauseThe IIS service does not have permissions to access the RSA Authentication Agent for Web for IIS directory under Program Files which has the node secret file.  The directory path is  C:\Program Files\RSA Security\RSAWebAgent.
ResolutionThree points we need to make sure of:
  1. The Node Secret file is named securid and the RSA Authentication Agent for Web for IIS installation directory has the user IIS_USRS, with at least read and execute permissions.  Be sure to validate that the permission were inherited from there.
  2. Right click on the folder/file and select Properties then click on the Security tab.
  3. Click Edit > Add.
User-added image

  1. WebID has SecurID as the App Pool
User-added image

  1. The SecurID App pool is running with the identity of LocalSystem
    User-added image

Attachments

    Outcomes