RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)
Microsoft Windows 2000
Microsoft Windows 2000 Advanced Server SP4
RADIUS
Error: "Node verification failed"
A "node secret" is a a system generated encryption key used to encrypt client/server traffic. When an RADIUS ACE/Server option has been enabled and used, the node secret is generated and stored by the system since it functions as an ACE/Agent as well as being the server. When a node secret is generated then stored as a registry key.
If an agent has also been installed on the same machine, the ACE/Agent control panel applet can be used to clear the node secret (if required); however, if no ACE/Agent has been installed, there is no apparent process to delete the node secret (other than using regedit).
A small utility is available from RSA Customer Support that can be used to delete a node secret. To obtain it, contact RSA Customer Support and refer the engineer to this knowledgebase article. The utility is a simple executable called Node_Secret.exe. When run, a dialog box appears with the question "Do you want to clear the node secret". If you click "Yes", the node secret is deleted from the registry and a success message is displayed. If you click "No", a message appears reminding you that you can do it at a later date.
This utility requires three Microsoft DLLs, these are also supplied with the utility, these are MFC42D.DLL, MFCO42D.DLL and MSVCRT.DLL.
Another option is to install an ACE/Agent on the same machine. This will enable you to remove the node secret and will assist in any troubleshooting if needed.
NOTE: This utility is designed for, and has only been tested on, Microsoft Windows 2000.
You may use standard Microsoft tools to delete the entire key which is HKEY_LOCAL_MACHINE\SOFTWARE\ACECLIENT\NodeSecret . Do not simply delete the value, delete the actual named key "NodeSecret"
On Windows 2003 you may use the Microsoft REG.EXE command line functionality to allow for complete manual administration, for example:
To save the current value to a backup file in case a rollback is required:
reg save HKLM\SOFTWARE\SDTI\ACECLIENT nodescret.rec
To delete the value
reg delete HKLM\SOFTWARE\SDTI\ACECLIENT /v NodeSecret
To restore the saved copy because (due to other factors) the original value needs to be restored)
reg restore HKLM\SOFTWARE\SDTI\ACECLIENT nodescret.rec
Related Articles
Authentication Issues Using A Third-Party RDP Client And RSA Authentication Agent 7.3.3 for Windows Number of Views Increasing the number of connections from RSA Authentication Agent 7.3.x for Windows to a Windows platform with RDP Number of Views Group Entitlements are getting added to shared accounts in RSA Governance & Lifecycle Number of Views A newly configured RSA SecurID Access Identity Router is in Inactive state in the Administration Console Number of Views Cisco AnyConnect client displays a second login prompt where RSA Authentication Agent 7.2.1 for Windows is installed Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
