000036638 - RSA Authentication Manager Prime throws "Node secret mismatch: cleared on server but not on agent" despite repeated clearing of the secret

Document created by RSA Customer Support Employee on Aug 21, 2018Last modified by RSA Customer Support Employee on Aug 27, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000036638
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager Prime/Authentication Manager Integration Service (AMIS)
IssueClearing the node secret file named securid for the Authentication Manager Integration Service (AMIS) agent both on the Authentication Manager Security Console and in the ..\RSA\amis\auth folder on the AMIS machine still rejects any login attempts from the (Help Desk Admin Portal (HDAP) or Self-Service Portal (SSP) with the Authentication Activity monitor logging the following error message:

Node secret mismatch: cleared on server but not on agent

User-added image

CauseTypically, AMIS looks for the node secret file in the location defined in the rsa_api.properties file for the SDNDSCRT_LOC variable.  By default, the SDNDSCRT_LOC is set to C:\RSA\amis\auth\securid. 

Clearing the node secret on the AMIS machine under ..\RSA\amis\auth makes no difference, as AMIS still continues to look for the node secret file in C:\RSA\amis\auth\securid and simply rejects the authentication request, as it cannot find one there.
ResolutionTo work around this issue,
  1. Delete the securid file under ..\RSA\amis\auth on the AMIS machine.
  2. Update the rsa_api.properties file so that the SDNDSCRT_LOC points to C:\RSA\amis\auth.