Node secret mismatch when testing authentication of RSA Authentication Agent for Web: IIS with RSA Authentication Manager
Originally Published: 2017-04-05
Article Number
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Web: IIS
RSA Version/Condition: 7.x, 8.x
O/S Version: Windows Server 2008, R2, 2012, 2012 R2
Issue
After using the RSA Authentication Agent for Web: IIS Agent Control Panel as an admin user to generate the node secret, the following error appears when testing authentication from the browser
Node secret mismatch
Cause
The IIS service does not have permissions to access the RSA Authentication Agent for Web: IIS directory under C:\Program Files\RSA Security\RSAWebAgent, which has the node secret file.
Resolution
Ensure that:
- The node secret file is named securid and the RSA Authentication Agent for Web: IIS installation directory has the user IIS_USRS, with at least read and execute permissions.
Be sure to validate that the permission was inherited from there. - Right click on the folder/file and select Properties then click on the Security tab.
- Click Edit > Add.
- WebID has SecurID as the App Pool
- The SecurID App pool is running with the identity of Local System
