Article Number
000027676
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.x
Issue
Login is slow when attempting to login using Windows Agent. The trace.log from the agent shows the following:
[6440] 16:41:58.645 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[5800] 16:42:13.653 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[9072] 16:42:23.668 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[8232] 16:42:28.520 File:acdllent.c Line:95 # DLL_THREAD_DETACH
[9032] 16:42:28.660 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[8556] 16:42:28.660 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[6696] 16:42:29.440 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[6072] 16:42:29.440 File:acdllent.c Line:95 # DLL_THREAD_DETACH
[6040] 16:42:29.456 File:acdllent.c Line:95 # DLL_THREAD_DETACH
[5112] 16:42:29.456 File:acdllent.c Line:100 # DLL_PROCESS_DETACH
Tasks
The PC the agent is installed on is unable to reach
oscp.verisign.net and also to
crl.verisign.net over http. If you do a packet capture with wireshark you will see a DNS lookup of these addresses and SYN packets on http port 80 (or potentially over a proxy port). It is looking up the certificate which the RSA Shared Components were signed with to check that they are valid.
Resolution
Allow the PC to access these URLs or disable Verify RSA Shared Components through the GPO.
To disable RSA Verify RSA Shared Components:
- In Group Policy Management, navigate to Computer Configuration > Administrative Templates > RSA Desktop > Common Settings.
- Double click Verify RSA Shared Components.
- Select Enabled.
- From the drop down, select Do not verify.
Verifying authenticity makes the system more secure, but verification may impact performance. Verification is on by default. If the GPO option is disabled or not configured, verification is enabled by default.
To disable RSA Verify RSA Shared Components in the registry:
- In the Registry Editor, navigate to COMPUTER\HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\RSA\RSA DESKTOP\COMMON Settings\Verification.
- Set the value of Verification to 0.