We have many users that connect to the company network over VPN. They will logon to their laptop using RSA Securid Agent and then connect to company VPN sometime later.
They notice that sometimes when connected via VPN their Offline Days get updated and sometimes the update doesn't happen. Is there some documentation that explains how the download of Offline Days occurs in these circumstances. What are the things that could cause it to work some days and not on other days ?
Whenever a token is used on a system, online or offline, a 24 hour proof ticket is generated, and if the system does go online eventually (VPN for example) and can reach an RSA server on port 5580/tcp, it submits the proof of authentication and that will or should trigger offline day download. If the proof expires, then no download. There are a few internal components working to make this happen correctly. The best bet is use the latest windows agent (which today Dec 19 2018 is 7.4.2.122) and also be running the latest version of RSA Authentication Manager server. If you enable trace logging in RSA Control Center the log files with DA in the name are all about what is happening on port 5580 which would cover windows password integration and offline day processing.
-basics to check
time and date on the windows machine is accurate
time and date on the RSA Auth Manager server is accurate
if software token, the time and date on the device running the token is accurate
port 5580/tcp is allowed to RSA server
-Auth Manager server is at least 8.3.0.x [not required but improvements to offline processing are continually updated]
-Agent build is 7.4.2.122 or higher [not required but improvements to offline processing are continually updated]