This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
AleksMarfunenko
Beginner
Beginner
‎2016-08-26 08:29 AM

Agent for Windows locks my logon

Jump to solution

Hi,

i have a Windows Server 2012 R2. There i just installed RSA SecurID Authentication Agent for Microsoft Windows.
Now i can't login with my domain credentials because there is no this possibility.
How i can fix it? i didn't configure any settings in Agent or Authentication Manager but why it locks a normal logon?

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
HusseinElBaz
Employee
Employee
In response to AleksMarfunenko
‎2016-08-30 08:39 AM

Jump to solution

Hello Aleks,

 

So that means that the challenge settings are not working, so please try to change that from RSA Control Center where the RSA Windows Agent installed, and then go for Advanced Settings -> Challenge settings, and change that so we can challenge the user that we wants to authenticate with.

 

So kindly check and advise us back if there is any assistance needed from our side.

 

Best Regards,

View solution in original post

Reply
15 Replies
HusseinElBaz
Employee
Employee
‎2016-08-26 09:04 AM

Jump to solution

Hello Aleks,

 

We will need to create a new user on the Security Console with the same name as any of the local administrators on that Windows machine, then assign a fixed passcode to that user by following the below

 

Procedure

1. In the Security Console, click Identity > Users > Manage Existing.
2. Use the search fields to find the user that you want to manage.
3. From the search results, click the user that you want to manage.
4. From the context menu, click Authentication Settings.
5. If you want to assign a fixed passcode to the user, select the Fixed Passcode checkbox.

 

Note: RSA recommends that you do not use fixed passcodes because they eliminate all the advantages of two-factor authentication.

 

Then use the passcode to access the windows machine, so kindly check and advise us back if there is any assistance needed from our side.

 

Best Regards,

Reply
AleksMarfunenko
Beginner
Beginner
In response to HusseinElBaz
‎2016-08-29 08:24 AM

Jump to solution

Hi Hussein,

Thank you for your answer.
today i added to RSA AuthMan a Active Directory identity source. Now i can see my user there. I assigned a hardware token to my user. i set up fixed PIN - but it still doesn't let user to log in.

 

 

and before i tried to enter passcode, but i don't know the PIN of current Token. I cleared the PIN, but it still doesn't work.

i unchecked requirements of PIN to use only Token code - doesn't work as well...

0 Likes
Reply
HusseinElBaz
Employee
Employee
In response to AleksMarfunenko
‎2016-08-29 08:28 AM

Jump to solution

Hello Aleks,

 

Please try to set the PIN from the self-service console using the below URL

 

Self-Service Console If there is no web tier, enter:
https://<fully qualified domain name>/ssc
https://<fully qualified domain name>:7004/console-selfservice

 

And then set the PIN from there and then try to re-authenticate again. 

 

So please check and advise us back if there is any assistance needed, and advise us with a snapshot from the authentication activity monitor in order to troubleshoot the matter further.

 

Best Regards,

Reply
AleksMarfunenko
Beginner
Beginner
In response to HusseinElBaz
‎2016-08-29 08:55 AM

Jump to solution

i set up the PIN and check it, but Windows 10 still doesn't let me log in...

 

now i'm logged on via VPN connection and ran Authentication in RSA Auth Agent - failed. How can i check connection between RSA Agent and AuthManager?

 

0 Likes
Reply
AleksMarfunenko
Beginner
Beginner
In response to AleksMarfunenko
‎2016-08-29 09:18 AM

Jump to solution

another question:

how can i disable logging with RSA SecureID ? I think, that i have to create new policy and reinstall Agent?
i will use RSA SecureID only with VPN connection

0 Likes
Reply
HusseinElBaz
Employee
Employee
‎2016-08-29 09:26 AM

Jump to solution

Hello Aleks,

 

The authentication logging is enabled by default from the security console under Reporting -> Real-time Activity Monitors -> Authentication Activity Monitor.

 

Then you will be able to see the logs as soon as it hits the server. And also confirm that you already configured the agent on the security console by checking the Access -> Manage Existing, and see if you can check the agent or not, otherwise you can add a new one from the same tab.

 

Kindly be advised that you can also change the logging level be following the below

 

Procedure
1. In the Security Console, click Setup > System Settings.
2. Click Logging.
3. Select an instance.
4. Click Next.
5. From the Trace Log, Administrative Audit Log, Runtime Audit Log, and System Log drop-down lists, select a log level. For a description of each parameter, see Log Configuration Parameters.

 

So kindly check and advise us back if there is any assistance needed from our side.

 

Best Regards,

0 Likes
Reply
AleksMarfunenko
Beginner
Beginner
In response to HusseinElBaz
‎2016-08-29 09:58 AM

Jump to solution

i don't see any logs while authentication. Only logs when i'm testing in WebBrowser:

 

looks like that RSA Agent does not communicate with RSA AuthManager.

i'll check traffic with WireShark

0 Likes
Reply
AleksMarfunenko
Beginner
Beginner
‎2016-08-30 07:42 AM

Jump to solution

so, new update. if i try to test authentication - it works. and i see logs:

 

 

 

but when i logged off, and try to login with SecurID - it doesn't work and there are no logs... Why?

0 Likes
Reply
HusseinElBaz
Employee
Employee
‎2016-08-30 07:45 AM

Jump to solution

Hello Aleks,

 

Can you please confirm that the user you are using is present in both AD and RSA Authentication Manager? There might be a problem with the AD connection and RSA Authentication Manager.

 

Please also try to login with the windows password on the login screen instead of the passcode and advise us back about the output. So kindly check and advise us back if there is any assistance needed from our side.

 

Best Regards,

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.