000035006 - Node secret mismatch when testing authentication of RSA Authentication Agent for Web: IIS with RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 6, 2017Last modified by RSA Customer Support on Apr 22, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000035006
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Web: IIS
RSA Version/Condition: 7.x, 8.x
O/S Version: Windows Server 2008, R2, 2012, 2012 R2
IssueAfter using the RSA Authentication Agent for Web: IIS agent control panel as the admin user to generate the node secret the following error occurs when testing authentication from the browser:
Node secret mismatch


CauseThe IIS service does not have permissions to access the RSA Authentication Agent for Web: IIS directory under C:\Program Files\RSA Security\RSAWebAgent, which has the node secret file. 
ResolutionEnsure that:
  1. The node secret file is named securid and the RSA Authentication Agent for Web: IIS installation directory has the user IIS_USRS, with at least read and execute permissions.  Be sure to validate that the permission were inherited from there.
  2. Right click on the folder/file and select Properties then click on the Security tab.
  3. Click Edit > Add.

User-added image

  1. WebID has SecurID as the App Pool

User-added image

  1. The SecurID App pool is running with the identity of LocalSystem
    User-added image