JungChoi
Beginner

RSA authentication fails only on initial log on page.

I am currently unable to authenticate users from the GINA page of the VMs that users are using.

I can test authentication fine from the RSA console once I log in as an admin, but when I try from the initial log on page of their VMs, the Authentication Manager does not even log a failure in the monitor.

Any advice would be greatly appreciated.

JayGuillette
Apprised Contributor

If the Authentication Requests are not showing up in the Real Time Monitor on the AM server, I'd check the Agent Challenge settings first, in the RSA Control Center.

[Screenshot: LAC_Adv_Challenge-None.png]

If the user is not challenged, the Auth request goes to Windows or AD.

If the user appears to be challenged, then set verbose logging on the agent in the RSA Control Center and read the Auth log after the failure.

[Screenshot: LAC_Verbose_Tracing.png]


Hi Jay,

Thanks for the information.

I checked those and they are all set as follows:

The Challenge User option is checked to challenge all users except the domain admins, and I checked all options under Tracing (also set Trace Level to Verbose), but I still do not even get a failure log in the Activity Monitor.

We have been using this for months now and are not sure why it started to have this issue.

JayGuillette
Apprised Contributor

It might be worth opening a support case to have your agent logs looked at.

The Authentication requests from a Windows Agent will be sent to UDP port 5500 on either the Primary or Replica(s), so you might need to check for Firewall changes blocking this.

If the firewall was allowing UDP port 5500 traffic through from your agent, the Server Environment status in the RSA Control Center should show your Primary and/or Replica, and if they are there you can see their IP addresses, so you could verify that they are correct (so that the agent is not sending to the wrong AM server due to an old or incorrect sdconf.rec file).

[Screenshot: LAC_ServerEnv.png]

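An added example, not part of the thread and not RSA code: if Windows Firewall logging of allowed and dropped packets is enabled on the VM, a short Python script over pfirewall.log can show whether the agent's UDP 5500 requests are dropped locally and which server IPs they are sent to. The log lines, the addresses (documentation ranges) and the function name agent_traffic are constructed for illustration.

```python
"""Summarise Windows Firewall log entries for RSA agent traffic (UDP 5500)."""
from collections import Counter

AM_PORT = "5500"  # UDP port the thread names for agent authentication requests

# Constructed sample in pfirewall.log format; all addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-10 08:15:01 DROP UDP 192.0.2.50 198.51.100.10 51000 5500 0 - - - - - - - SEND
2024-01-10 08:15:03 DROP UDP 192.0.2.50 198.51.100.10 51001 5500 0 - - - - - - - SEND
2024-01-10 08:15:04 ALLOW UDP 192.0.2.50 198.51.100.11 51002 5500 0 - - - - - - - SEND
2024-01-10 08:15:05 ALLOW TCP 192.0.2.50 198.51.100.20 51003 443 0 - 0 0 0 - - - SEND
2024-01-10 08:15:06 DROP UDP 192.0.2.50 203.0.113.7 51004 5500 0 - - - - - - - SEND
"""


def agent_traffic(log_text, expected_servers):
    """Return (counts, unexpected): counts[(dst_ip, action)] for outbound UDP 5500,
    and the sorted destinations that are not in expected_servers."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if (row.get("protocol") == "UDP" and row.get("dst-port") == AM_PORT
                and row.get("path") == "SEND"):
            counts[(row["dst-ip"], row["action"])] += 1
    unexpected = sorted({ip for ip, _ in counts} - set(expected_servers))
    return counts, unexpected


if __name__ == "__main__":
    # Assumed Primary/Replica addresses; use the ones shown under Server Environment.
    counts, unexpected = agent_traffic(SAMPLE_LOG, {"198.51.100.10", "198.51.100.11"})
    for (ip, action), n in sorted(counts.items()):
        print(f"{ip:15} {action:5} {n}")
    print("Destinations not in the expected Primary/Replica list:", unexpected)
```

This only reflects the local Windows Firewall; a network firewall between the agent and the Authentication Manager servers would not appear in this log.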