Article Number
000033333
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 or later
Issue
- Authentication to restricted agents fails for users in AD with the following error:
Principal does not belong to any groups activated on restricted agent
- The system activity monitor shows a failure to read the identity source group.
- Granting access to some groups through Access > Authentication Agents > Manage Existing, then selecting the Restricted tab, choosing Grant Access to More User Groups and selecting the group(s), returns the following error:
There was a problem processing your request.
The identity source association of the user group <group_name> has changed. Run the Scheduled Identity Source cleanup job to update the User Group association. You must re-configure the group data related to Authentication Manager, for example access to restricted agents, restricted access times and notes.
- Test connections in the Operations Console are all successful.
- Running Clean Up Unresolvable Users or restarting services doesn't help.
Cause
There was a change in domain controllers, but the cause of the error is unknown.
Resolution
- In the Security Console, navigate to Setup > Identity Sources > Schedule Cleanup.
- Click the Schedule Cleanup checkbox and set the Run Time for the job.
- When done, click Save.
- Navigate to Administration > Batch Job to check that the batch job is complete.
- To select the user groups that are granted access to the restricted authentication agents, select Access > Authentication Agents > Manage Existing.
- Click the Restricted tab and select Grant Access to More User Groups from the Action Menu.
- Search for and select the group(s), then click Grant Access to User Groups.