AnsweredAssumed Answered

Multiple Remote Desktop Session Hosts token import problem

Question asked by Ralph Smith on Apr 6, 2020
Latest reply on Apr 7, 2020 by Erica Chalfin

Like • Show 0 Likes0
Comment • 4

I could use some help if anyone has a solution.

I am IT at a non-profit in which employees are using the RSA Soft Token in order to access some NY State web sites.

Now with everyone working from home I am having a problem with the soft tokens on our Windows Remote Desktop Session Hosts.

We have multiple session hosts that users access through a Remote Desktop Gateway, and the RD Connection Broker load balances so users don't always get the same session host.

We use a user profile disk in our RD setup, so user profiles on the session hosts are redirected to the user's specific profile disk.

The problem I am having is importing the token file on one host works OK, but when a user tries to import a token while connected to a different session host, they get a blank screen asking them to select a device where the token will be stored, but the list is blank.

I've found some seemingly relevant articles in the knowledge base

000011874 - RSA SecurID Software Token for Microsoft Windows shows blank screen when asked to select a device where the token will be stored

000032390 - Installing the same RSA SecurID Software Token 5.0 for Windows on different machines without reimporting

Multiple Users Sharing desktop

None of these are specifically addressing remote desktop sessions the way we are set up, and although I tried them, nothing has resolved this.

The last thing I did was install the RSA software version 5.0.2 on the session hosts with the following command:

msiexec /i RSASecurIDToken502x64.msi /qn /l*v install.log SETROAMING=TRUE SETSINGLEDATABASE=TRUE SETCOPYPROTECTION=FALSE SETDATABASEDIR=%AppData%\RSA

Still no success.

If anyone has the answer I'd sure appreciate it.

No one else has this question

Outcomes

Edward Davis

Apr 6, 2020 4:57 PM

We have a newer build 5.0.2.581 which has some fixes, and will facilitate roaming database.

It's roaming options may help you work out your scenario.

However I am not sure this will remedy your situation...as I obviously have not dug into your specific issue.

Check help/about for your current version, which is likely .440

so, start with this version: hotfix 1775 [build 581]

the kit has been qualified by QE

(the readme for 1775 will show to upgrade or full install and talks about the roaming capabilities and restrictions)

Please open a support case and request RSA Software Token for Windows Desktop Hotfix 1775 [SWTDT-1775]

Actions

Ralph Smith Apr 7, 2020 9:22 AM

I'm not sure I can open a support case - our organization is the end user, the tokens are supplied by the NY State agency we work with, so we are not the licensee.

Actions

Edward Davis

@ Ralph Smith on Apr 7, 2020 9:45 AM

OK,

That special build of RSA Software Token can facilitate roaming profiles, which could solve the token storage dilemma (storage would be where the profile is located) but it also has limitations in that same area, (users roaming profile location may vary based on the specific version of windows) so is not widely available. It would need to be deployed with assistance from RSA support to make sure it is working correctly and whatnot.

Actions

Erica Chalfin

@ Ralph Smith on Apr 7, 2020 9:47 AM

Ralph Smith,

Is anyone working at the state agency that administers the RSA Authentication Manager instance? If you contact them, they can open a support case on your behalf and add you as a designated contact.

Regards,

Erica

Actions

4 Replies

Edward Davis Apr 6, 2020 4:57 PM
Mark Correct
Correct Answer
We have a newer build 5.0.2.581 which has some fixes, and will facilitate roaming database.
It's roaming options may help you work out your scenario.

However I am not sure this will remedy your situation...as I obviously have not dug into your specific issue.

Check help/about for your current version, which is likely .440

so, start with this version: hotfix 1775 [build 581]
the kit has been qualified by QE

(the readme for 1775 will show to upgrade or full install and talks about the roaming capabilities and restrictions)

Please open a support case and request RSA Software Token for Windows Desktop Hotfix 1775 [SWTDT-1775]
Like • Show 1 Like1
Actions
Ralph Smith Apr 7, 2020 9:22 AM
Mark Correct
Correct Answer
I'm not sure I can open a support case - our organization is the end user, the tokens are supplied by the NY State agency we work with, so we are not the licensee.
Like • Show 0 Likes0
Actions
- Edward Davis @ Ralph Smith on Apr 7, 2020 9:45 AM
  Mark Correct
  Correct Answer
  OK,
  
  That special build of RSA Software Token can facilitate roaming profiles, which could solve the token storage dilemma (storage would be where the profile is located) but it also has limitations in that same area, (users roaming profile location may vary based on the specific version of windows) so is not widely available. It would need to be deployed with assistance from RSA support to make sure it is working correctly and whatnot.
  Like • Show 0 Likes0
  Actions
- Erica Chalfin @ Ralph Smith on Apr 7, 2020 9:47 AM
  Mark Correct
  Correct Answer
  Ralph Smith,
  
  Is anyone working at the state agency that administers the RSA Authentication Manager instance? If you contact them, they can open a support case on your behalf and add you as a designated contact.
  
  Regards,
  Erica
  Like • Show 0 Likes0
  Actions

Multiple Remote Desktop Session Hosts token import problem

Outcomes

Related Content

Recommended Content