Should I be looking for an updated RSA Auth Agent?
I am setting up new production machines with our RSA Auth Agent 220.127.116.11 package. I have noticed the HKLM\SOFTWARE\Policies keys are not being created during installation. This results in successful Authentication tests from the RSA control center. However, when you try to Authenticate during login it will always fail.
I was able to re-mediate by comparing the Registries of authenticating and non-authenticating machines with RSA. I'm now importing the missing keys to the new machines. I have a feeling this was cause by permission changes in a Windows update. Is there an updated RSA Authentication Agent I should be using instead of manipulating the Registry?
- Community Thread
- Forum Thread
- RSA SecurID
- RSA SecurID Access
- Token Auth
- Token Authentication
- Token Authenticator
- Token Authenticators
How many agent machines do you have that need an update? Depending on how many you can decide if it is better to manually update your existing agents or upgrade to RSA Authentication Agent 7.4.2 for Microsoft Windows You can download the agent by clicking the link.
Currently I'm setting up 7 machines for production deployment. They are Dell Latitude laptops running Win 10 version 1903 (OS Build 18362.239) I downloaded and installed RSA Auth Agent 7.4.2 and had the same issue. I'm running the installation as admin but something is stopping these keys from being written during the installation.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings]
This can be normal depending on the specific situation.
If you have all the agent GPO set as 'not configured', there will be nothing in the registry for policy.
Example: agent 18.104.22.168 installed, 'not configured' on all GPO
Registry for policies, nothing for RSA
Now, as soon as I enable one GPO (Challenge Users, but challenge is still OFF)
the registry will start to populate with the minimum settings (and more as you enable more GPO)
If I go back and select 'not configured' for the Challenge Users GPO again, those policy registry entries will be deleted.
**Of course of you have a Domain Controller pushing down RSA agent GPO, those can/will override local GPO settings.