This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
NickSchumacher
Beginner
Beginner
‎2018-05-15 10:23 AM

Windows authentication prompting passcode but accepts password

Jump to solution

I am trying to troubleshoot an issue where the user enters the password/passcode. Currently the user will enter their passcode and then are prompted to enter their windows credentials. If the user locks their computer, within 90 minutes they are able to enter their windows credentials. If it is after 90 minutes then the user will need to enter their Pin + RSA token. The problem happens when within the 90 minutes the authentication screen on windows 7 displays "Passcode" in the text box. The user will then enter the pin and the RSA token and get authentication failed. That user will usually lock themselves out. The solution to this is entering the user's windows password instead of the passcode. This does not happen for everybody in our system. Does anyone know what is causing this issue and what the solution could be?

 

Thanks!!!

0 Likes
Reply
1 Solution

Accepted Solutions
PiersB
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2018-05-16 11:03 AM

Jump to solution

My guess is there may be an issue with how your "Challenge Groups" are configured and the user's memberships therein. 

I would recommend contacting Customer Support for more detailed assistance.

View solution in original post

Reply
2 Replies
PiersB
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2018-05-16 11:03 AM

Jump to solution

My guess is there may be an issue with how your "Challenge Groups" are configured and the user's memberships therein. 

I would recommend contacting Customer Support for more detailed assistance.

Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to PiersB
‎2018-05-16 11:59 AM

Jump to solution

Piers is right that Challenge group plays into this, but so does Quick PIN unlock, which can be set to Password instead of PIN, then set to work for a specific amount of time until a PassCode is required to unlock

GPO_screenUnlock.png

What you describe, user sees PassCode prompt to Unlock Screen but PassCode does not work, Password does, could happen for at least two reasons;

 1. This user is not challenged, or the challenge lookup failed but the fall-back configuration is to Fail with Not Challenged

 2. This user is challenged, but Quick PIN unlock is configured to accept Password, at least until the 'timeout' in minutes is reached, after which a Passcode would be required to unlock the screen

GPO_screenUnlock2.png

Further complicating this situation is that agents have two settings to trigger the timeout, since the user logged into Windows which is pretty reliable and since the Screen locked which is problematic due to relying on older Microsoft SENS Events to trigger timer based on screen locking. 

 

You could enable verbose agent logging in the RSA Control Center to try to troubleshoot, but it might be a whole lot more productive just to avoid timers based on when the screen locked. 

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.