Multiple Remote Desktop Session Hosts token import problem
I could use some help if anyone has a solution.
I am IT at a non-profit in which employees are using the RSA Soft Token in order to access some NY State web sites.
Now with everyone working from home I am having a problem with the soft tokens on our Windows Remote Desktop Session Hosts.
We have multiple session hosts that users access through a Remote Desktop Gateway, and the RD Connection Broker load balances so users don't always get the same session host.
We use a user profile disk in our RD setup, so user profiles on the session hosts are redirected to the user's specific profile disk.
The problem I am having is importing the token file on one host works OK, but when a user tries to import a token while connected to a different session host, they get a blank screen asking them to select a device where the token will be stored, but the list is blank.
I've found some seemingly relevant articles in the knowledge base
000011874 - RSA SecurID Software Token for Microsoft Windows shows blank screen when asked to select a device where the token will be stored
000032390 - Installing the same RSA SecurID Software Token 5.0 for Windows on different machines without reimporting
None of these are specifically addressing remote desktop sessions the way we are set up, and although I tried them, nothing has resolved this.
The last thing I did was install the RSA software version 5.0.2 on the session hosts with the following command:
msiexec /i RSASecurIDToken502x64.msi /qn /l*v install.log SETROAMING=TRUE SETSINGLEDATABASE=TRUE SETCOPYPROTECTION=FALSE SETDATABASEDIR=%AppData%\RSA
Still no success.
If anyone has the answer I'd sure appreciate it.
- Auth Manager
- Authentication Manager
- Community Thread
- Forum Thread
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
We have a newer build 18.104.22.1681 which has some fixes, and will facilitate roaming database.
It's roaming options may help you work out your scenario.
However I am not sure this will remedy your situation...as I obviously have not dug into your specific issue.
Check help/about for your current version, which is likely .440
so, start with this version: hotfix 1775 [build 581]
the kit has been qualified by QE
(the readme for 1775 will show to upgrade or full install and talks about the roaming capabilities and restrictions)
Please open a support case and request RSA Software Token for Windows Desktop Hotfix 1775 [SWTDT-1775]
That special build of RSA Software Token can facilitate roaming profiles, which could solve the token storage dilemma (storage would be where the profile is located) but it also has limitations in that same area, (users roaming profile location may vary based on the specific version of windows) so is not widely available. It would need to be deployed with assistance from RSA support to make sure it is working correctly and whatnot.
Is anyone working at the state agency that administers the RSA Authentication Manager instance? If you contact them, they can open a support case on your behalf and add you as a designated contact.