This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Slow login to RSA Authentication Agent for Windows 7.x

Article Number

000027676

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.x

Issue

Login is slow when attempting to login using Windows Agent. The trace.log from the agent shows the following: 

[6440] 16:41:58.645 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[5800] 16:42:13.653 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[9072] 16:42:23.668 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[8232] 16:42:28.520 File:acdllent.c Line:95 # DLL_THREAD_DETACH
[9032] 16:42:28.660 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[8556] 16:42:28.660 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[6696] 16:42:29.440 File:acdllent.c Line:89 # DLL_THREAD_ATTACH
[6072] 16:42:29.440 File:acdllent.c Line:95 # DLL_THREAD_DETACH
[6040] 16:42:29.456 File:acdllent.c Line:95 # DLL_THREAD_DETACH
[5112] 16:42:29.456 File:acdllent.c Line:100 # DLL_PROCESS_DETACH

Tasks

The PC the agent is installed on is unable to reach oscp.verisign.net and also to crl.verisign.net over http. If you do a packet capture with wireshark you will see a DNS lookup of these addresses and SYN packets on http port 80 (or potentially over a proxy port). It is looking up the certificate which the RSA Shared Components were signed with to check that they are valid.

Resolution

Allow the PC to access these URLs or disable Verify RSA Shared Components through the GPO.

To disable RSA Verify RSA Shared Components:
  1. In Group Policy Management, navigate to Computer Configuration > Administrative Templates > RSA Desktop > Common Settings.
  2. Double click Verify RSA Shared Components.
  3. Select Enabled.
  4. From the drop down, select Do not verify.
Verifying authenticity makes the system more secure, but verification may impact performance. Verification is on by default. If the GPO option is disabled or not configured, verification is enabled by default. 
 
To disable RSA Verify RSA Shared Components in the registry:
  1. In the Registry Editor, navigate to COMPUTER\HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\RSA\RSA DESKTOP\COMMON Settings\Verification.
  2. Set the value of Verification to 0.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-23 06:21 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.