Our agents are setup to work with hardware tokens.
With 7.3.3 on Windows 7, no problem login as local administrator using name (.\administrator) and password.
But with Windows 10 and agent 7.4.3, login as local administrator always fail with a brief 'Authentication failure' error message.
My test show that If the agent is uninstalled, local Administrator login works immediately; but if agent is installed back, local logins fails again.
This shouldn't be happening, but I cannot find similar issues after searching around. Appreciate any help on this.
Mike,
You might need a support case to get to the bottom of this problem, but in general terms you would enable verbose logging either in RSA Control Center
or GPO
It's best to select all logs, but what you would look at in general would be;
- SIDAuthenticator(LoginUI).log for challenge, to determine if the local admin were challenged or not, and if challenged, did they successfully authenticate.
There can be other versions of the SIDAuthenticator( ).log with whatever in parenthesis being the app using SecurID. Sometimes you are just trying to figure out if user is challenged, and if they got their authentication request to an AM server. You typically watch the AM Security Console - Reporting - Real Time Monitor, Authentication Monitor
to watch in real time, or an Authentication Activity Report to see after the fact.
Things can get complex when you are no longer using the console or Microsoft RDP, but some third party remote console app, which should show up inside the parenthesis of one of the SIDAuthenticator( ).logs. We've seen various configuration and/or interoperability issues.
You might need to add remote console apps as an RDCFileName in either the registry or GPO
000033802 - Microsoft Windows update MS16-101 breaks RDP from the RSA Authentication Agent 7.3.1 for Windows for all RSA challenged users