Joaquin (Customer) asked a question.

Edited July 11, 2024 at 6:05 PM
I'm not able to sign in from a workstation using the RSA Authenticator Agent for Windows, but if I run a test from the same computer (using a local account) it's successful. What's wrong?
  • 5 answers
  • 667 views

  • EricaChalfin (RSA)

    @Joaquin (Customer)​ 

     

    I would start by looking at the authentication logs. Are you seeing messages like "bad PIN but good tokencode?" That message is showing up because the user is not entering the correct PIN value. The reverse message of "good PIN but bad tokencode" means that you should try resynching the token to see if that resolves the issue. A message like "passcode format error" means that too few or too many characters were submitted for authentication.

     

    If nothing jumps out as a cause for the failure, please contact technical support for assistance.

     

    Feel free to post the errors that you are seeing in the logs but remember not to post personally identifiable information. Please redact user IDs, agent names, IP addresses, token serial numbers, etc. before posting. We would really only need to see the data from Columns G and H of the authentication activity report titled Result Key and Result, respectively.

    Expand Post

  • Joaquin (Customer)

    It's not leaving logs in the RSA AM monitor when it fails, but if I run the test tool inside the agent it shows successful logs.

  • FrankMiller (RSA)

    Check your Challenge setting in the GPO. By default it's set to none. This would give you the exact results you are seeing

  • Joaquin (Customer)

    Just enabling will do it? Because I tried that and didn't work. I enabled it and selected All Users with exceptions and added the local admins(.\administrators). It just gave me a failed message with no logs in the console and after a few attempt it locked me out from domain.

  • FrankMiller (RSA)

    Try this, use your domain password instead of your PIN and tokencode

Don't see what you're looking for?