RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Web: IIS
RSA Version/Condition: 8.x
O/S Version: Windows Server 2008, R2, 2012, 2012 R2
 

After generating the node secret using the RSA Authentication Agent for Web: IIS Agent Control Panel with an administrative user account, the following error is displayed when testing authentication from the browser:

"Node secret mismatch"

The IIS service does not have permissions to access the RSA Authentication Agent for Web: IIS directory under C:\Program Files\RSA Security\RSAWebAgent, which has the node secret file. 

Ensure that:

1. The node secret file is named securid 
2. The RSA Authentication Agent for Web: IIS installation directory has the user IIS_IUSRS, with at least Read and Execute permissions. 
   
3. Confirm that these permissions are properly inherited by the file and subfolders.
4. Right click on the folder/file and select Properties then click on the Security tab.
5. Click Edit > Add.

         6. WebID has SecurID as the App Pool

        7.Verification step: Ensure that the SecurID application pool is running under the Local System identity.