Authentication Manager Node secret mismatch on TMG or UAG
Originally Published: 2015-09-08
Article Number
000063163
Applies To

RSA Product Set: SecurID

RSA Product/Service Type: Microsoft UAG and TMG

Issue
  • Node Secret Mismatch
  • Authentication method failed
  • Node verification failed
Cause
The node secret has not been created on Microsoft TMG or UAG.
Resolution

1- Manually create the Node Secret by using the SDTEST.EXE utility.
This method assumes that there is currently no node secret file (SecurID) located in <windir>\system32 and that you have a valid Configuration File (SDCONF.REC) located in <windir>\system32.

2- Run the SDTEST.EXE utility.
This utility allows you to test user authentication from an Authentication Agent to the RSA Authentication Manager Server.

3- Upon a successful user authentication, the Node Secret file (SecurID) will be created in the <windir>\system32 folder.



4- Copy SECURID from <windir>\system32 to …\Microsoft ISA Server\sdconfig
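
The checks and the copy around the manual SDTEST.EXE run in steps 1 to 4 can be scripted. The following PowerShell is an added example, not part of the original article or an RSA or Microsoft tool; the -SdConfigDir parameter is an assumption and must be given the full path of your "…\Microsoft ISA Server\sdconfig" folder, which the article does not spell out.

```powershell
# Added example: pre-checks and copy step around a manual SDTEST.EXE run.
# -SdConfigDir is an assumption: pass the full path of the sdconfig folder
# under your Microsoft ISA Server installation directory.
param(
    [Parameter(Mandatory = $true)][string]$SdConfigDir
)

$sys32      = Join-Path $env:windir 'system32'
$sdconf     = Join-Path $sys32 'sdconf.rec'
$nodeSecret = Join-Path $sys32 'securid'

# Step 1 preconditions: configuration file present, no node secret yet.
if (-not (Test-Path $sdconf)) {
    throw "Configuration file not found: $sdconf"
}
if (Test-Path $nodeSecret) {
    throw "A node secret file already exists: $nodeSecret"
}
if (-not (Test-Path $SdConfigDir -PathType Container)) {
    throw "sdconfig folder not found: $SdConfigDir"
}

# Steps 2 and 3: the operator runs SDTEST.EXE by hand (as Administrator if
# the account cannot write to system32) and completes one authentication.
Read-Host 'Run SDTEST.EXE, authenticate successfully, then press Enter' | Out-Null

if (-not (Test-Path $nodeSecret)) {
    throw "No node secret was created in $sys32; the test authentication did not succeed."
}

# Step 4: copy the node secret next to the TMG/UAG agent configuration.
$dest = Join-Path $SdConfigDir 'securid'
Copy-Item -Path $nodeSecret -Destination $dest

# Confirm the copy is byte-identical to the file SDTEST.EXE produced.
$src = [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($nodeSecret))
$dst = [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($dest))
if ($src -ne $dst) {
    throw "Copied node secret differs from the source: $dest"
}
Write-Host "Node secret copied to $dest"
```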
 

Additional Notes on using the SDTEST.EXE utility:

  • The SDTEST Authentication utility verifies that a TMG Server can authenticate to RSA Authentication Manager using valid credentials. It requires the SDCONF.REC file to be located in <windir>\system32 to run successfully.
  • You may need to run SDTEST.EXE as Administrator if your logged-in account does not have permission to write the SecurID file to the system32 folder.
  • If this is the first time authenticating to the RSA server with this user, you may be prompted to create a PIN.
  • If so, enter a new PIN. Once the new PIN is created, the RSA authentication passcode for this user will be:
    <PIN><passcode displayed on the token>
  • The SDTEST.EXE tool (RSA Test Authentication Utility) is included in the TMG 2010 Tools & Software Development Kit, available here:

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11183

Note: The SdTestPack.exe contains the utility.