This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
MichaelFolsom
Contributor
Contributor
‎2020-07-10 05:12 PM

Getting autoregistration to work on Windows

I have a basic question about using the Auto-registration feature in the Windows Agent.  If you add those capabilities to a Windows agent when it is installed is it still necessary to go into the Security Console of the RSA Authentication Manager and add that system directly as an agent to the system?  I was hoping that Windows Auto-registration did all that for you but now I am wondering if that is true.  Am I taking the term Auto-registration a tad too literally?

 

Thanks -

 

Mike

Labels (1)
Labels
0 Likes
Reply
4 Replies
EdwardDavis
Employee
Employee
‎2020-07-13 08:54 AM

Auto-registration allows a new agent the Security Console has never seen before punch itself into the config automagically. It uses the server.cer file and sdadmreg.exe to do this. The concept is whenever the tcp/ip stack changes on the agent, the autoregistration component tries to reach an RSA server and update it's IP to the current one (in DHCP or VPN IP pool scenarios), or register itself as a new agent. It requires port 5550/tcp connectivity. Manually running sdadmreg -r will attempt a registration right then, so you can test this from command line and watch what occurs if you are troubleshooting.

Reply
MichaelFolsom
Contributor
Contributor
‎2020-07-13 07:32 PM

Edward:

 

Thanks so much for this.  I have made sure that iptables isn't running on my AM server and with telnet I can talk to port 5550 on the system so I know it isn't blocked.  However, when I try to test the connection between the Win 10 client and the server in the RSA Control Center it fails.  The reason listed in the "Authentication Monitor" is "Authentication agent not found".

 

One other thing I have noticed is that if I go into RSA Control Center and look at the Server Environment it says the protocol is UDP and the port is 5500.  I thought I was installing the newer rest agent.

 

Thanks -

 

Mike

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to MichaelFolsom
‎2020-07-14 08:13 AM

REST uses port 5555 and TCP.

 

UDP agent uses UDP for authentication, and TCP for autoregistration and offline days.

 

AM server needs to have the REST config page Saved (apply settings) then it will open the port 5555 in iptables.

By default it is closed off. A onetime 'apply settings' opens it up. Need to do it on replicas too.

 

IIRC the current windows MFA agent 1.2.1 does not autoregister yet. Only the classic windows agent can do that.

0 Likes
Reply
MichaelFolsom
Contributor
Contributor
In response to EdwardDavis
‎2020-07-15 04:00 PM

Edward:

 

Again my thanks -

 

I'd like to pull your response apart if that is ok?

 

"UDP agent uses UDP for authentication, and TCP for autoregistration and offline days."

Here I am assuming you mean:

   Security Console -> Setup -> System Settings -> Authentication Settings -> Agents -> put a check mark in the box before "Agent Auto-Registration" and click on Save to apply settings.

 

"IIRC the current windows MFA agent 1.2.1 does not autoregister yet. Only the classic windows agent can do that."

We have been installing from "RSA_Authentication_Agent_7.4.3.zip" - is this correct?  What is the latest Agent version that can do auto-registration?

 

Again thanks!

 

Mike

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.