Fail to authenticate to restricted agents with users in Active Directory in Authentication Manager 8.1
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 or later
Authentication to restricted agents with users in AD is failing with the following error:
Principal does not belong to any groups activated on restricted agent
The system activity monitor shows a failure to read the identity source group:
Attempting to grant access to groups (Access > Authentication Agents > Manage Existing, select the Restricted tab, choose Grant Access to More User Groups, then select the group(s)) returns the following error:
There was a problem processing your request.
The identity source association of the user group <group_name> has changed. Run the Scheduled Identity Source cleanup job to update the User Group association. You must re-configure the group data related to Authentication Manager, for example access to restricted agents, restricted access times and notes.
Test connections in the Operations Console are all successful.
Running Clean Up Unresolvable Users or restarting services doesn't help.
There was a change in domain controllers, but the cause of the error is unknown.
In the Security Console, navigate to Setup > Identity Sources > Schedule Cleanup.
Click the Schedule Cleanup checkbox and set the Run Time for the job.
When done, click Save.
Navigate to Administration > Batch Job to check that the batch job is complete.
Select user groups to grant access to the restricted authentication agents. Select Access > Authentication Agents > Manage Existing.
Click the Restricted tab and select Grant Access to More User Groups from the Action Menu.
Search and select group(s) then click Grant Access to User Groups.