I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA SecurID Access and click Ask A Question. That way your question will appear in the correct space.
Regards,
Erica
Find the securid file on the agent, and delete it, or run 'RSA Control Center' and delete the node secret there.
Then run a test authentication using RSA Control Center, it should work now that there is no node secret on the agent.
Once the first authentication works, a new node secret should exist on both RSA server and the agent.
Do another test authentication, this will use the node secret and if successful, there are no node secret problems anymore.
On a typical windows agent, the node secret will be here as a file called securid. Here is mine:
Your error is saying the windows machine has one, but the RSA server doesn't...so the fix is remove the one on the agent so that both the RSA server and agent agree the node secret is <null>, and do a test authentication, and they will try to set a new one up automatically.
Once the test button consistently works with no issues, you can assume there won't be any node secret problems anymore as long as: no one clears it by mistake on either side, and as long as any process on the agent machine that is doing an authentication ('run as...' for example) can read the node secret file. If that occurs (node secret exists but cannot be read) the error might be something like 'node secret mismatch Server has one, but agent doesn't' but in reality the agent does have one, it just cannot be read by the process asking for it (the fix for this is 'read permissions' on the securid file itself).
Hi Edward,
Thanks for the answer.
I was able to solve the issue by giving full control to the securid file.
Regards
Luca
Find the securid file on the agent, and delete it, or run 'RSA Control Center' and delete the node secret there.
Then run a test authentication using RSA Control Center, it should work now that there is no node secret on the agent.
Once the first authentication works, a new node secret should exist on both RSA server and the agent.
Do another test authentication, this will use the node secret and if successful, there are no node secret problems anymore.
On a typical windows agent, the node secret will be here as a file called securid. Here is mine:
Your error is saying the windows machine has one, but the RSA server doesn't...so the fix is remove the one on the agent so that both the RSA server and agent agree the node secret is <null>, and do a test authentication, and they will try to set a new one up automatically.
Once the test button consistently works with no issues, you can assume there won't be any node secret problems anymore as long as: no one clears it by mistake on either side, and as long as any process on the agent machine that is doing an authentication ('run as...' for example) can read the node secret file. If that occurs (node secret exists but cannot be read) the error might be something like 'node secret mismatch Server has one, but agent doesn't' but in reality the agent does have one, it just cannot be read by the process asking for it (the fix for this is 'read permissions' on the securid file itself).