How to use Windows Password Integration with Offline Authentication on an RSA Authentication Agent 7.x for Windows

3 years ago

Originally Published: 2016-07-18

Article Number

000067187

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.x, 7.3.x, 7.4.x

Issue

Windows password integration and offline authentication are two features of the RSA Authentication Agent for Windows. They operate independently, but overlap in that the hashed Windows password created by the agent's user and stored in the RSA database is also stored in the offline day files database.

A Windows password change must be done online in order for a domain controller to learn and accept it. If the change is done from the authentication agent itself, the new Windows password hash is learned by RSA Authentication Manager and stored in the server's internal database.

If offline days are refreshed, this new Windows password hash is downloaded to the authentication agent within the offline day files database.

If you change the Windows password, then go offline without refreshing offline days, the offline authentication Windows password integration fails because the offline database has the old Windows password hash.

Tasks

Refresh offline days after changing the Windows password in order to download that new Windows password hash to the offline days database for this user. This allows them to complete Windows password integration when offline.

Resolution

Refresh offline days, which might involve a new online login, and this updates the agent offline Windows password integration for this user on this agent. Do not attempt to change the Windows password a second time before refreshing OA days, as it may cause temporary problems such as hanging or freezing of the Windows system.

Don't see what you're looking for?

Related Articles

Trending Articles