Refresh the Node Secret

Problems with the node secret can result in authentication or node verification errors. Refresh the node secret when:

  • The node secret on the authentication agent is lost, for example, when you restore the original system image on a hardware appliance or you reinstall the agent.

  • The authentication agent record is deleted or re-added.

  • The node secret is deleted from one end of the connection but not the other, for example, the node secret is deleted from the RSA Authentication Manager appliance but not from an associated authentication agent.

You do not need to refresh the node secret when you change the authentication agent name or IP address.

Before you begin

  • On Windows 2008, Windows Vista, and Windows 7 or later, with the User Account Control feature enabled, the agent_nsload utility must be run from an elevated command prompt if the node secret is being stored at the default location, drive:\%windir%\system32.

  • The sdconf.rec file must be present in the destination folder on the authentication agent machine.

Procedure

  1. Create a node secret. For instructions, see Manage the Node Secret.

  2. From the RSA Authentication Manager Extras ZIP file, copy agent_nsload from the rsa-ace_nsload directory to the machine on which the agent is installed. Use the utility version that is specific to your platform.

  3. From a command line on the machine on which the agent is installed, type:

    agent_nsload -f path -p password

    where:

    • path is the directory location and name of the node secret file.
    • password is the password used to protect the node secret file.

    You can also enter the password when prompted.

    For example, to extract the node secret to the default location, using the agent_nsload utility, type:

    • On UNIX:

      agent_nsload -f /default_dir/nodesecret.rec

    • On Windows:

      agent_nsload -f C:\default_path\ nodesecret.rec

    To extract the node secret to a user-defined location, using the agent_nsload utility, type:

    • On UNIX:

      agent_nsload -f /VAR_ACE/nodesecret.rec -d /VAR_ACE/new_dir/

    • On Windows:

      agent_nsload -f C:<windows path>\System32\ nodesecret.rec -d C:\<windows path>\System32\new_dir\

Related Concepts

RSA Authentication Agents

Related Tasks

Manage the Node Secret