Authentication Agent, AAWin v. 7.4.4 on Citrix Windows non-persistent VDI node secret mismatch
Originally Published: 2021-06-07
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.4.x
Platform: Windows
Platform (Other): authentication failures
O/S Version: 10, Server 20xx
Issue
1. The Windows agent auto-registers and creates a node secret, which is used to encrypt all subsequent authentications. The node secret is created on the agent's C:\ disk drive.
2. The user logs out but does not shut down, and the VDI destroys the write cache, including the agent's node secret, which is on the disk.
3. Testing shows failed authentications after the write cache is cleared: a node secret mismatch, because the node secret was cleared on the agent but not on the server.
Cause
Resolution
The RSA Authentication Agent for Windows was not designed to function in this use case.
Workaround
To resolve this issue, you would need to reset the node secret by clearing the node secret on the AM server.
You could reboot the Windows agent to allow auto-registration to create a new node secret on both the agent and the AM server.
The REST agent API could be used instead of the UDP agent, that is, the MFA Agent for Windows v.2.0.x, which does not use a node secret.
A daily AMBA job to clear server node secrets for auto-registered agents would probably be neither practical nor good enough to work all the time.
Notes