Authentication Issues Using A Third-Party RDP Client And RSA Authentication Agent 7.3.3 for Windows
2 years ago
Originally Published: 2018-07-23
Article Number
000042074
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.3.3
Platform: Windows
 
Issue
An end user reports a blank or black screen when performing a remote connection with a third-party RDP client to a Windows platform protected by RSA Authentication Agent 7.3.3 for Windows. It has been reported that some users have been able to use Ctrl+Alt+End to force task manager to open where the end user is then able to access the Windows desktop.

 
Cause
RSA has investigated this issue by reviewing RSA Authentication Agent for Windows debug/trace data which highlighted a possible root cause of the problem. It was found that the third-party RDP client does not handle smart card redirection correctly and thus "breaks" the Monlycrosoft APIs that the RSA Authentication Agent 7.3.3 for Windows relies on to support connected SID800s via the Connected Authenticator feature.
Resolution
As a workaround administrators can disable the Connected Authenticator feature using the RSA Authentication Agent's Group Policy Object (GPO) templates used to configure the RSA Authentication Agent for Windows software. Please refer to the RSA Authentication Agent 7.3.3 for Microsoft Windows Group Policy Object Template Guide at URL https://community.rsa.com/docs/DOC-77534 for information on RSA Authentication Agent 7.3.3 for Microsoft Windows GPO templates.

RSA will implement a new behavior and policy that allows customers to restrict the RSA Credential Provider's support for Connected Authenticator authentications to local sessions (only). This policy will be added to the RSA Authentication Agent's GPO templates and be documented in the RSA Authentication Agent for Microsoft Windows Group Policy Object Template Guide for the next release of RSA Authentication Agent for Windows software. 

NOTE: No timeframe has been set for the next release of RSA Authentication Agent for Windows software as this is still under development however when the next version is released a product advisory will be posted at URL https://community.rsa.com/community/products/securid/advisories. Where customers have an RSA link account and can logon to RSA link they can follow this product advisory page by clicking the 'Following' drop-down selection (next to Actions) and click the Following option.

Related Articles

Trending Articles

Don't see what you're looking for?