I review the RSA Adaptive Authentication server logs on a daily basis and seldom find three error messages I don't understand:
Reason Code: 1203 Invalid/Expired/Reset Session ID
Reason Code: 1502 User is not enrolled
Could not decrypt/unwrap device token
I tried to reproduce these errors in my test environment but to no avail.
Hi Patrick,
the Reason Codes are documented in the RSA Adaptive Authentication (On-Premise) 7.x Web Services API Reference Guide (versions v7.1 and earlier) or the RSA Adaptive Authentication (On-Premise) 7.x API Reference Guide (versions v7.2 and later), in Appendix "API Error Messages".
These and other manuals for currently supported RSA Adaptive Authentication on Premise (AAoP) versions are available on the RSA Link RSA Adaptive Authentication Documentation pages.
For these messages (info in italics is from the v7.3 manual):
Reason Code: 1203 Invalid/Expired/Reset Session ID
The error code is issued when either the session Id is invalid or the session is expired. As a result, the processing error prevents successful completion of the SOAP request. This could indicate nothing has been sent from the application to RSA Adaptive Authentication On Premise (AAoP) for a while for the session, and the session timed out on the server. Check the timings in the log of previous messages for the session. Compare that to authentication method timeouts configured in the Administration Console. The session timeout settings and their default values are documented in the RSA Adaptive Authentication (On-Premise) 7.x Operations Guide (also available on RSA Link RSA Adaptive Authentication Documentation pages), section "Authentication Methods Parameters". The other possible cause is that the application has a logic error causing it to send the wrong session id for the user's session, or is sending events for an expired or reset session.
Reason Code: 1502 User is not enrolled
The user is not enrolled in the Adaptive Authentication system. If your application is designed to allow unenrolled users to attempt to authenticate with AAoP, this message is expected in that circumstance and so can be ignored. If your application is not expected to allow unenrolled users to attempt to authenticate with AAoP, then there is a logic error in your application that has allowed the attempt.
Could not decrypt/unwrap device token
See this RSA Knowledgebase Article for possible cause: 000021674 - Explanation for AA log file errors. Other possible causes are a logic error in your application causing it to send a wrong or corrupted/invalid device id to AAoP for the user's device, or a corrupted/invalid cookie or FSO on the end user's device.
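Added example (not part of the reply above and not RSA code): a sketch of the timing check suggested for Reason Code 1203, which separates errors consistent with an idle timeout from those pointing at an application logic error. The log layout, the function name `classify_1203` and the 20-minute timeout are assumptions; adapt the parser to the real AAoP log format and take the timeout from the Administration Console.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical layout
# (timestamp, session id, event or error). NOT the real AAoP log format.
SAMPLE_LOG = """\
2024-05-02 09:00:00 session=S1 event=request
2024-05-02 09:05:00 session=S1 event=request
2024-05-02 09:40:00 session=S1 error=1203
2024-05-02 10:00:00 session=S2 event=request
2024-05-02 10:00:30 session=S2 error=1203
2024-05-02 10:15:00 session=S3 error=1203
"""

LINE_RE = re.compile(r"^(\S+ \S+) session=(\S+) (event|error)=(\S+)$")


def classify_1203(log_text, timeout):
    """Return (session_id, verdict) for every 1203 error in the log.

    idle-timeout    : gap since the session's previous message >= timeout,
                      consistent with the session expiring on the server.
    within-timeout  : session was recently active, so look for the
                      application sending a wrong or reset session id.
    unknown-session : no earlier message for this id in the log at all.
    """
    last_seen = {}  # session id -> timestamp of its most recent message
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        sid, kind, value = m.group(2), m.group(3), m.group(4)
        if kind == "error" and value == "1203":
            prev = last_seen.get(sid)
            if prev is None:
                verdict = "unknown-session"
            elif ts - prev >= timeout:
                verdict = "idle-timeout"
            else:
                verdict = "within-timeout"
            findings.append((sid, verdict))
        last_seen[sid] = ts
    return findings


if __name__ == "__main__":
    # 20 minutes is a placeholder, not a documented default.
    for sid, verdict in classify_1203(SAMPLE_LOG, timedelta(minutes=20)):
        print(sid, verdict)
```
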