Hi,
i decided to open separate topic regarding AuthAgent for Windows. Client OS is Windows 10 x64.
After an installation of AuthAgent it let me to login only with SecurID. But it doesn't work...
Therefore i decided to disable SecurID and let users to login with their Usernames and passwords. But it doesn't work as well. I did this via GPO:
This GPO is applied to test computer, but user still required to use SecurID.
How i can disable SecurID for the Windows logon?
Hello Aleks,
Kindly be advised that you will have to change the challenge settings from the RSA control center where the RSA Windows Agent installed, and then go for Advanced Settings -> Challenge settings, then change that to None for example.
So kindly check and advise us back if there is any assistance needed from our side.
Best Regards,
Hello Hussein,
you don't believe me, but actually logon with Windows Password works good. You suggested me this in another topic.
I just expected some changes on logon screen. Now it looks:
I expected this:
Hello Aleks,
So that means that the challenge settings are not working, so please try to change that from RSA Control Center where the RSA Windows Agent installed, and then go for Advanced Settings -> Challenge settings, and change that so we can challenge the user that we wants to authenticate with.
So kindly check and advise us back if there is any assistance needed from our side.
Best Regards,
One of the later Microsoft Windows updates from Aug2016 to Win10 breaks RDP from that Win10 box to any other Windows box if the SecurID agent is installed and that user is RSA challenged. So this might be related, KB attached. If possible could you run the RSA Real Time Authentication Monitor and get verbose agent logs during the problem?
Security Console - Reporting - Real Time Monitors - Auth Monitor
On Agent (might need to boot safe mode or break in - but you could create a challenge group with one user in it) in the RSA Control Center - Advanced Tools - Tracing, check all boxes.
Basically what we would look for here is if nothing is showing in the Server Real Time Monitor, as you reported earlier, the main reason would be nothing was sent or is getting to the AM server. Since Test Auth works, it would not likely be a network or firewall issue. Most often it is a challenge setting, but with the stuff we are seeing lately from Windows 10 updates, Microsoft appears to be tightening access to the network or LAN through security settings, so Win10 could be blocking the auth request. Looking in the local Agent logs will show if user is challenged, if auth request was sent, even auto-reg and offline information. If we see something that looks like a challenged user was blocked from accessing the network, we might need to look at Event logs too. Regards,
hi Jay,
i have no problem. i just didn't configure RSA SecurID properly.
But thank you for the KB.
Hello Aleks,
Kindly be advised that you will have to change the challenge settings from the RSA control center where the RSA Windows Agent installed, and then go for Advanced Settings -> Challenge settings, then change that to None for example.
So kindly check and advise us back if there is any assistance needed from our side.
Best Regards,