This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
KhwajaZiaulHasa
Beginner
Beginner
‎2016-04-06 03:52 AM

RSA ACE/Server Test Directly Fails for Soft Tokens on Mobile

Jump to solution


Hello,

 

For RSA Authentication Agent of IIS 8.0, when we install the agent and perform the test using RSA ACE/Server Test Directly it fails.

I only have software authenticators. I need to test before configuring the Exchange Server for OWA.

When we click on test it shows that it is for keyfobs, and I am testing it for software tokens.

I want to know that whether this testing utility on the agent works for Software Authenticators?

When testing through Activity Monitor I am getting error "Authentication Method Failed".

 

I want to know that is there any method to test Soft Authenticators for that particular agent before configuring the production Exchange.

 

Thanking You

Zia

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2016-04-08 05:06 PM

Jump to solution

Zia,

 

I see that when you are testing the RSA Authentication Agent for Web for IIS, you are seeing the error message "authentication method failed" in the authentication activity log.

 

When an authentication agent runs on a server that has multiple network interface cards and therefore, multiple IP addresses, you must manually specify an IP address for encrypted communications between the agent and Authentication Manager server.

 

The RSA agent software uses the device's IP address both for encryption and for routing packets.  When you created the agent in the Security Console, you provided an IP address for the web server, let's say 1.1.1.1.  If the agent has multiple IP addresses, and the traffic is sent out on 2.2.2.2, the Authentication Manager server does not recognize that address and will display the authentication method failed error.

 

Agents typically attempt to discover their own IP addresses. Left to itself, an agent with multiple addresses might select the correct IP and authentication will succeed, but if it chooses one that is unknown to Authentication Manager server, communication between the agent and server will be impossible, as in your authentication method failed error.

 

To avoid this, you must manually specify an IP address override on the Advanced tab of the RSA Authentication Agent Control Panel. The IP override address that you enter should exactly match the network address specified for the agent host in the server database.

 

For more information on how to set this up, please review the RSA Authentication Agent 8.0 for Web for IIS Installation and Configuration Guide that is in the agent software download.

 

Regards,
Erica

View solution in original post

Reply
2 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2016-04-08 05:06 PM

Jump to solution

Zia,

 

I see that when you are testing the RSA Authentication Agent for Web for IIS, you are seeing the error message "authentication method failed" in the authentication activity log.

 

When an authentication agent runs on a server that has multiple network interface cards and therefore, multiple IP addresses, you must manually specify an IP address for encrypted communications between the agent and Authentication Manager server.

 

The RSA agent software uses the device's IP address both for encryption and for routing packets.  When you created the agent in the Security Console, you provided an IP address for the web server, let's say 1.1.1.1.  If the agent has multiple IP addresses, and the traffic is sent out on 2.2.2.2, the Authentication Manager server does not recognize that address and will display the authentication method failed error.

 

Agents typically attempt to discover their own IP addresses. Left to itself, an agent with multiple addresses might select the correct IP and authentication will succeed, but if it chooses one that is unknown to Authentication Manager server, communication between the agent and server will be impossible, as in your authentication method failed error.

 

To avoid this, you must manually specify an IP address override on the Advanced tab of the RSA Authentication Agent Control Panel. The IP override address that you enter should exactly match the network address specified for the agent host in the server database.

 

For more information on how to set this up, please review the RSA Authentication Agent 8.0 for Web for IIS Installation and Configuration Guide that is in the agent software download.

 

Regards,
Erica

Reply
KhwajaZiaulHasa
Beginner
Beginner
In response to _EricaChalfin
‎2016-04-10 02:54 AM

Jump to solution

Hello Erica,

 

Thanks for your reply. Actually it was not working, so I changed the protocol to be tcp instead of default udp and it worked.

 

Thanks

Zia

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.