Slow authentication with RSA Authentication Agent 7.x for Windows
Originally Published: 2020-05-28
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.x, 7.3.x, 7.4.x
Issue
Cause
The symptom is found in the SIDAuthenticator(LogonUI).log on the Windows agent machine:
....
....
2020-05-22 15:40:38.191 11252.6308 [V] [ADSIHelper::ParseGroupName] fullGroupPath = .\test_local_group
2020-05-22 15:40:38.191 11252.6308 [V] [ADSIHelper::ParseGroupName] groupDomainORworkstationName = W-103559, groupName = Support_Users
2020-05-22 15:40:38.191 11252.6308 [V] [ADSIHelper::ParseGroupName] Return
2020-05-22 15:40:38.191 11252.6308 [V] [ADSIHelper::ADSIHelper] groupDomainOrWorkstation is equal to the computer name, so the group is assumed to be a local group
....
....
2020-05-22 15:41:07.020 11252.6308 [V] [ADSIHelper::ParseGroupName] fullGroupPath = "Domain_name"/exampledomainpath
2020-05-22 15:41:07.020 11252.6308 [V] [ADSIHelper::ParseGroupName] groupDomainORworkstationName = TCPL, groupName = R_RSA_Exclude_Challenged
2020-05-22 15:41:07.020 11252.6308 [V] [ADSIHelper::ParseGroupName] Return
2020-05-22 15:41:07.020 11252.6308 [V] [ADSIHelper::isDomainGroup] The group is assumed to be a domain group
....
....
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::cacheUserGroupInfo] Stored UserLocation: USER_NOT_IN_GROUP
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::cacheUserGroupInfo] Stored TimeStamp: 0x5ec7f293
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::cacheUserGroupInfo] Return
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::checkUserInGroup] userLocation = USER_NOT_IN_GROUP
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::checkUserInGroup] Return
2020-05-22 15:41:07.450 11252.6308 [I] [sidChallenge::getChallengeType] userLocation is: USER_NOT_IN_GROUP
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::getChallengeType] bStaleResult = false
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::getChallengeType] challengeType = CHALLENGE_USER
2020-05-22 15:41:07.450 11252.6308 [V] [LACPolicies::~LACPolicies] Enter
2020-05-22 15:41:07.450 11252.6308 [V] [LACPolicies::~LACPolicies] Return
2020-05-22 15:41:07.450 11252.6308 [V] [RsaDesktopConfig::~RsaDesktopConfig] Enter
2020-05-22 15:41:07.450 11252.6308 [V] [RsaDesktopConfig::~RsaDesktopConfig] Return
2020-05-22 15:41:07.450 11252.6308 [V] [sidChallenge::getChallengeType] Return
2020-05-22 15:41:07.450 11252.6308 [I] [LACAuthenticator::isChallenged] getChallengeType has determined that the user is challenged.
2020-05-22 15:41:07.450 11252.6308 [V] [LACAuthenticator::isChallenged] Return
2020-05-22 15:41:07.450 11252.6308 [I] [LACAuthenticator::Authenticate] User is challenged
....
....
Resolution
Change the challenge settings either to exclude or include either the local group or the Active Directory group for a better performance.
To change the challenge settings locally,
- Open the Control Center and select Challenge users.
- Change the Group field accordingly.
To change the challenge settings through the domain controller GPO,
- Click Start > Administrative Tools > Group Policy Management.
- If necessary, double-click the domain name in the left-hand frame to expand it.
- If necessary, double-click Group Policy Objects to expand it.
- Right-click the policy with the template you must edit, for example, Default Domain Policy, and click Edit.
- Double-click Policies from Computer Configuration.
- Double-click Administrative Templates: Policy definitions (ADMX files).
- Double-click RSA Desktop > Local Authentication Settings.
- Double-click Challenge Users on the right window.
- Change the Group field accordingly.
Related Articles
Removing ACE/Agent 4.4 on Windows 2000 and installing ACE/Agent 1.1 for Windows 2000 RRAS Number of Views Windows desktop machine does not display last logged in user ID with RSA Authentication Agent 7.x for Microsoft Windows Number of Views Determine the challenge mode of RSA Authentication Agent 7.x for Windows from Windows registry Number of Views Interoperability between RSA Authentication Agent 7.x for Microsoft Windows and RSA Authentication Agent for Web for IIS Number of Views Installing RSA Authentication Agent 7.x for Windows on Microsoft Windows Server Core Edition using msiexec.exe Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
