Devices running Windows 10 or Windows 11 operating system crash on reboot the machine after RSA MFA Agent 2.3.x for Windows is installed
Originally Published: 2024-03-22
Article Number
Applies To
RSA Product/Service Type: RSA MFA Agent 2.3.x for Windows
Agent Version/Condition: 2.2.1, 2.3.x
Issue
With the release of RSA MFA Agent 2.2.1 for Windows and RSA MFA Agent 2.3.0 for Windows some customers reported operating system crashes when Windows Password Integration (WPI) is disabled and they had a third-party password management/rotation tool (e. g., Windows LAPS, Cyber Ark, etc.) installed on the agent machine. The agent goes into the WPI loop when it should not, and it was interfering with the third-party tool causing the operating system to crash.
Issue 2:
Another cause of the operating system crash is because of the unavailability of a registry key (Local Authentication Settings) and the values inside it (especially the ones which are mentioned below).
Resolution
The issue was fixed in RSA MFA Agent 2.3.0 HF1 for Windows and later RSA MFA Agent 2.3.1 for Windows.
Resolution for Issue 2:
Before rebooting the machine and after installing RSA MFA Agent 2.3.1 for Windows, open the registry and confirm that HKLM/Software/Policies/RSA Desktop/Local Authentication Settings exists.
If it exists, ensure that the GPO policy Specify logging options is enabled on the domain controller and that the registry keys have these values:
- EnableLogs
- Level, Rotation
- RotationFileSize
Normally the registry key/values will get inserted/updated once you do a gpupdate /force on the agent machine. In case the gpupdate /force command fails or displays any warnings, the registry key/values may not get updated. In all cases, verify that the above-mentioned registry entries are in place before rebooting the machine to avoid crashing the operating system after installing the agent. In machines that are not connected to the domain, the local GPO policy should have the Specify logging options set to Enabled and the option to Enable offline authentication is not set to Disabled.
The above-mentioned issue will be fixed in the upcoming patch release of MFA (MFA 2.3.2).
Related Articles
Node secret mismatch error when authenticating with an RSA Authentication Agent for Windows when NetMotion is installed Number of Views Disable multi-factor authentication (MFA) prompt for "Run as" on machine on which the RSA MFA Agent for Microsoft Windows … Number of Views Enable a web proxy for RSA MFA Agent for Microsoft Windows Number of Views How to identify which operating system is installed on an RSA Identity Governance & Lifecycle Appliance Number of Views Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
