This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Access Manager Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by RSA Access Manager experts.

How to test authentication from RSA Authentication Agent 1.0.2 for Microsoft AD FS 3.0 when it fails with a UDP packet creation error.

Article Number

000036439

Applies To

RSA Product Set:  SecurID
RSA Product/Service Type:  RSA Authentication Agent for AD FS
RSA Version/Condition:  1.0.2
Platform: Microsoft AD FS  3.0
O/S Version:  Windows 2016 Server
 

Issue

After a successful first test authentication, subsequent test authentications are failing from the RSA Authentication Agent 1.0.2 for AD FS 3.0 running on Windows 2016 Server with the following error:

UDP Packet Creation Error.
 
Image descriptionImage description

Cause

Listed below are the probable causes for the error.
  • The presence of antivirus software on the user's machine,
  • User privileges,
  • Incorrect DNS name resolution for the machine on which the RSA Authentication Agent 1.0.2 for AD FS is installed, 
  • A local Windows firewall.

Resolution

  1. Ensure that the DNS name resolution is successful for the AD FS agent: 
    1. Log on to the Operations Console of the appliance.
    2. Click Administration > Network > Network Tools.
    3. From the Select Command drop-down list, choose NSLookup to verify the IP address or hostname.
    4. Click Run Command.
Image descriptionImage description
  1. Make certain that the IP address override is properly configured for the AD FS agent installed on the AD FS server (see 000029015 - Using an IP address override to fix an initial authentication failures with RSA Authentication Manager when the error Authentication Method Failed displays for information on how to configure an IP override).
  2. Perform an automatic rebalance from the primary Authentication Manager server's Security Console:
    1. Select Access > Authentication Agents > Authentication Manager Contact List > Automatic Rebalance.
    2. Click Rebalance.

  3. If the node secret was saved on the agent machine, especially if the server indicates the node secret was sent, verify if read and write permissions is given for C:\Program Files (x86)\RSA Security\RSAWebAgent (where the node secret is written by default):

    1. Right click on the location folder.
    2. Select Properties > Security
    3. Click Edit.
    4. Check the Full Control option
    5. Click Apply then OK.
Image descriptionImage description
  1. Clear any existing node secrets, both on the agent and the server.
    • Clearing the node secret on server
    1. ​Login to the primary's Security Console.
    2. Select Access > Authentication Agents > Manage Existing.
    3. Right click on the agent and select Manage Node Secret from the context menu.
    4. Check the Clear the node secret option.
    5. Click Save.
    • Clearing the node secret on agent
    1. On the AD FS server, click StartAppsRSA Control Center to launch RSA Control Center.
    2. Under SecurID Settings, select Advanced Tools.
    3. Click Clear Node Secret.
    4. Click Yes.

If Windows Server is installed in Server Core mode, launch Control Center from the command line by running RSAControlCenter.exe from C:\Program Files\Common Files\RSA Shared\RSA .NET\.

  1. Disable any firewall or installed antivirus software on the AD FS server.
  2. Run the RSA Authentication Agent 1.0.2 for AD FS application with elevated privileges using the Run as Administrator option and try multiple test authentications.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 08:13 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.