Refresh the Node Secret Using the Node Secret Load Utility

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Feb 12, 2018
Version 3Show Document
  • View in full screen mode

The node secret rarely needs to be refreshed, however there are times when it is necessary. Problems with the node secret can result in authentication or node verification errors. Refresh the node secret when:

  • The node secret on the agent is lost, for example, when you restore the original system image on a hardware appliance or you reinstall the agent.

  • The authentication agent record is either deleted or re-added.

  • The node secret is deleted from one end of the connection but not the other, for example, the node secret is deleted from the RSA Authentication Manager appliance but not from an associated agent.

You do not need to refresh the node secret when you:

  • Change the agent name.

  • Change the IP address.

The Node Secret Load utility, agent_nsload, is located in the RSA Authentication Manager Extras ZIP file.


  1. Create a node secret using the Security Console. For more information, see Manage the Node Secret.

  2. From the RSA Authentication Manager Extras ZIP file, copy agent_nsload from the rsa-ace_nsload directory for the agent’s platform to the agent host.

    RSA provides the following platform-specific versions of the utility:

    • Windows

    • LINUX

    • HP-UX

    • IBM AIX

  3. From a command line on the agent host, run the Node Secret Load utility. Type:

    agent_nsload -f path -p password


    path is the directory location and name of the node secret file.

    password is the password used to protect the node secret file.

Related Concepts

RSA Authentication Agents

Related Tasks

Manage the Node Secret