Article Number
000038111
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.3.3
Issue
When RSA Authentication Manager administrators log in to the Security Console and go to a user dashboard, they get the following error message:
There was a problem loading the page. Please click the refresh button on your browser.
The Recent Authentication Activity panel is blank. Administrators can no longer use the dashboard.
The /opt/rsa/am/server/logs/imsTrace.log file shows the following errors:
2019-10-16 07:31:19,091, [OARequestHandler6], (ProofDaProcessor.java:21), trace.com.rsa.authmgr.internal.oa.engine.OAProcessor, WARN, rsa.abc.com,,,,Proof validation failed
com.rsa.authmgr.internal.oa.OAException: Invalid proof
at com.rsa.authmgr.internal.oa.engine.ProofDaProcessor.a(ProofDaProcessor.java:77)
at com.rsa.authmgr.internal.oa.engine.ProofDaProcessor.doRun(ProofDaProcessor.java:43)
at com.rsa.authmgr.internal.oa.engine.OAProcessor.run(OAProcessor.java:30)
at com.rsa.authmgr.internal.oa.RequestReceiver.a(RequestReceiver.java:14)
at com.rsa.authmgr.internal.oa.RequestReceiver$1.run(RequestReceiver.java:1)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:80)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:412)
at com.rsa.authmgr.internal.oa.RequestReceiver.handleConnection(RequestReceiver.java:101)
at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerTask.run(TCPServer.java:689)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerThread.run(TCPServer.java:764)
2019-10-16 07:31:19,091, [OARequestHandler6], (OAProcessor.java:17), trace.com.rsa.authmgr.internal.oa.engine.OAProcessor, WARN, rsa.abc.com,,,,Unexpected exception during processing: DA_REQUEST_DATABASE_ERROR
com.rsa.authmgr.internal.oa.OAException: Proof validation failed
The Authentication Activity report (Authentication Activity Report_05646847.csv) shows entries such as:
ERROR 23017 Offline Authentication Data Download Failed Offline authentication data download requested by user “abc5232” from agent “1234.corp.abc.com” using token “000406000000” failed with error message “Invalid proof” Failure
The above error may appear a few thousand times for a single user.
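To see which agents and users account for these failures, the following Python script tallies "Invalid proof" offline data download failures per agent and user from exported report rows. It is an added example, not part of the original article or of RSA's tooling. It assumes each row carries the message text in the form quoted above; the function names, the threshold, and the sample rows (including the second agent and user) are constructed for illustration.

```python
import re
from collections import Counter

# Quote characters as they may appear in the export: curly, straight, or doubled.
Q = '["\u201c\u201d]+'
NOTQ = '[^"\u201c\u201d]+'
# Pattern built from the event text quoted in this article (assumed row format).
EVENT = re.compile(
    rf'requested by user {Q}(?P<user>{NOTQ}){Q} '
    rf'from agent {Q}(?P<agent>{NOTQ}){Q}.*?'
    rf'failed with error message {Q}Invalid proof{Q}'
)

def tally_invalid_proofs(lines):
    """Count 'Invalid proof' download failures per (agent, user)."""
    counts = Counter()
    for line in lines:
        m = EVENT.search(line)
        if m:
            counts[(m["agent"], m["user"])] += 1
    return counts

def noisy_agents(counts, threshold):
    """Agents whose total failures meet the threshold, busiest first."""
    per_agent = Counter()
    for (agent, _user), n in counts.items():
        per_agent[agent] += n
    return [(a, n) for a, n in per_agent.most_common() if n >= threshold]

def _row(user, agent, error):
    # Constructed sample row modelled on the report line shown in the article.
    return ("ERROR 23017 Offline Authentication Data Download Failed "
            f"Offline authentication data download requested by user \u201c{user}\u201d "
            f"from agent \u201c{agent}\u201d using token \u201c000406000000\u201d "
            f"failed with error message \u201c{error}\u201d Failure")

# Constructed sample input: three failures from one agent, one from another,
# and one row with a placeholder error text that must not be counted.
SAMPLE = ([_row("abc5232", "1234.corp.abc.com", "Invalid proof")] * 3
          + [_row("abc9999", "5678.corp.abc.com", "Invalid proof")]
          + [_row("abc5232", "1234.corp.abc.com", "placeholder other error")])

if __name__ == "__main__":
    # Threshold of 2 is an assumption for the sample; tune it to the report period.
    for agent, n in noisy_agents(tally_invalid_proofs(SAMPLE), threshold=2):
        print(f"{agent}: {n} invalid-proof failures")
```

To run it against a real export, pass the open file object to `tally_invalid_proofs` in place of `SAMPLE`.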
Cause
The Authentication Activity report confirms that excessive requests for offline data are coming from a rogue machine. A few thousand of these requests reach RSA Authentication Manager per second, which makes the user dashboard unavailable. This is due to defect AAWIN-2421 (State of MT AAWin v. 7.3.3[103] agents get invalid proof every 1-2 seconds) in RSA Authentication Agent 7.4.0 and 7.3.3[99] for Windows and earlier.
These failed offline data downloads with invalid proofs can act like a Denial of Service (DoS) attack when there are hundreds or thousands of these older Windows agents. The Real Time Authentication Monitor shows Invalid Proof errors every second.
Resolution
AAWIN-2421 is resolved in RSA Authentication Agent 7.4.3 for Windows.
Download the latest version of RSA Authentication Agent for Windows and upgrade the existing agent to resolve the issue.
Workaround
Restarting Authentication Manager services on the primary and/or replicas can temporarily halt these invalid proofs.
Likewise, restarting the RSA Authentication Agent Offline Local Service on the Windows Agent also temporarily stops the agent from sending these invalid proofs.
Another approach for a temporary resolution is to reset the node secret. If you cannot upgrade the agent(s) immediately, do the following:
- Clear the node secret via the Authentication Agent Control Center.
- Log on to RSA Authentication Manager Security Console.
- Navigate to Access > Authentication Agents > Manage Existing.
- Search for the agent in question and select Edit from the context menu.
- Select Manage Secret.
- Place a check in the box labeled Clear node secret.
- Click Save.
On the RSA Authentication Agent:
- Launch the Control Center.
- Select Advanced > Clear node secret.
For further troubleshooting on the RSA Agent:
- Open the Control Center and select the Advanced tab.
- Select Enable Debug and note the location of logs.
Notes
RSA Authentication Agent 7.3.3[99] for Windows has the defect AAWIN-2421.