Microsoft Windows 2003 Server
The Agent trace below indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting.
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(229): DASvcDLReceiver::run() - received a OP_USER_SECRET
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(571): DASvcDLReceiver::receiveUserSecret - entry
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(630): DASvcDLReceiver::receiveUserSecret - LAC or DAC receiving user secret?
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=84 (DPS_OP_USER_SECRET)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(210): DASvcDLReceiver::run() - creating new op to read
16:41:46 Thr: 0x9d0 dps_dl.cpp(70): DpsDL::DpsDL network vcheck(1).
16:41:46 Thr: 0x9d0 dps_dl.cpp(71): DpsDL::DpsDL network recvTimeoutSecs(120).
16:41:46 Thr: 0x9d0 dps_dl.cpp(283): DpsDL::startDeserialization check version value1.
16:41:46 Thr: 0x9d0 dps_dl.cpp(310): DpsDL::startDeserialization check version 1.
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(28): DpsDLRequestOp::DpsDLRequestOp() - entering
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(33): DpsDLRequestOp::DpsDLRequestOp() - received Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(214): DASvcDLReceiver::run() about to switch on op type
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(259): DASvcDLReceiver::run() - received unexpected OP
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(289): DASvcDLReceiver::run() - returning DA_PROTOCOL_ERROR (17)
The Agent trace above indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting. The AuthMgr will only do this if it thinks the Agent host is a DAC or DAH. It is possible that the LAC/DC must have been converted from a DAC/DAH.
This has been part of the release notes in cumulative hot fix 138. This has been described as BugID 55499. When you convert your deployment from the Domain Authentication solution to the Local Authentication solution, custom settings, such as the location of the offline days file folder, are reverted to default settings. After replacing the Domain Authentication Server component with the Local Authentication client component, users are unable to download offline days.
To resolve this issue:
1. Remove the Agent Host record for the domain controller from the Authentication Manager database.
2. Add the Agent host it manually ( or by auto registration ) as a Net OS Agent.
3. Use the RSA Security Center on the domain controller to clear the Node Secret on the domain controller.
4. Perform test authentication. Offline data will download immediately.
Related Articles
RSA SecurID Software Token for Android Downloads Number of Views Download Troubleshooting Files Number of Views SCIM API for User Modification Number of Views How to verify that RSA Authentication Agent for Windows can perform challenge user lookups across different Active Directo… Number of Views Pop up blocker displays when downloading multiple files from myRSA Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
