New PIN Mode and Next Tokencode Mode fail after Cisco ASA upgrade to 9.1.7 in RSA Authentication Manager 8.x
Originally Published: 2016-04-07
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Platform (Other): Cisco ASA
O/S Version: ASA 9.1.7
Issue
- Users are unable to set PINs for tokens.
- Authentication failures when the next tokencode is entered.
Passcode format error and authentication failure
On the Cisco client, the error is:
Session operation failure processing request from agent
Resolution
This is Cisco bug CSCuy89425 (AAA: RSA/SDI unable to set new PIN), and it occurs with the RSA SecurID_Native protocol.
Possible workarounds include:
- Switch to RADIUS protocol (as per the RSA SecurID Access Implementation Guide for the Cisco Adaptive Security Appliance (ASA).
- Authenticate from the Self-Service Console when a token is in New PIN Mode or Next Tokencode Mode.
For more details on how to resolve the issue for a Cisco VPN client or iPhone, review documentation for CSCuy89425 (AAA: RSA/SDI unable to set new PIN).
Related Articles
Configuring a Checkpoint firewall to work with SecurID Number of Views How to enable RSA SecurID protection on Microsoft Outlook Web Access (OWA) Exchange ActiveSync (EAS) and Microsoft Outlo… Number of Views Change Requests missing information in SecurID Governance & Lifecycle Number of Views RSA SecurID Software Token 2.4 for iOS Quick Start (Portuguese) Number of Views RSA SecurID Software Token 2.4 for iOS Quick Start (German) Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
