I have a client running AM 8.3 P1 and when they run a report to show remote logins, they are seeing entries on there that say "Agent auto-registration is disabled" and the source IP of those entries is one of their internal servers. However, that server does not have any RSA components installed on it nor does it get used in any of our current RSA authentication schemes. In addition, the report shows that these "Agent auto-registration" messages get logged from that server every Sunday morning and there are always 18 attempts beginning from 5:35 AM and ending around 5:37 AM (give or take five minutes on either end). I have looked in the Task Scheduler on that server and can't find any tasks that would run automatically at that time.
Hoping someone here has seen similar behavior and/or hoping someone might be able to tell me what to look for on that server as to why it's trying to talk to the RSA AM.