SecurID^®

When upgrading to RSA Authentication Manager 8.x, or from a lower version of 8.x to a more recent version, there are some steps that should be done before the upgrade process as prerequisites, and other steps should be done after the upgrade process is finished to ensure successful upgrade for RSA instance(s). Moreover, the PDF attached to this KB article includes the links for iso-images for old versions/patches that are no longer supported like 8.1, 8.1 SP1, 8.2, and 8.2 SP1 required for the upgrade process.  Hence, a unified document attached to the KB article addressed all the issues mentioned above. A consolidated/unified document related to the RSA Authentication Manager Full Upgrade Process has been created. As this document contains the following sections:  1. Full Upgrade Path of RSA AM (v6.1 to v8.7 P2). 2. Pre-upgrade Steps > Doing Sanity checks and taking backup/snapshots from the RSA AM. 3. Upgrade Steps > Upgrading of Primary then Replica instances. 4. Post-upgrade Steps > Check the detailed logs and Upgrade the Web Tiers and Admin SDK steps if they are being used. 5. Downloads & Documentation > This contains all the download links for all old and new versions as well the guides and known issues for the supported versions. - Public KB Article Link: https://community.rsa.com/t5/securid-knowledge-base/rsa-authentication-manager-upgrade-process/ta-p/695177 ... View more

When upgrading to RSA Authentication Manager 8.x, or from a lower version of 8.x to a more recent version, there are some steps that should be done before the upgrade process as prerequisites, and other steps should be done after the upgrade process is finished to ensure successful upgrade for RSA instance(s). Moreover, the PDF attached to this KB article includes the links for iso-images for old versions/patches that are no longer supported like 8.1, 8.1 SP1, 8.2, and 8.2 SP1 required for the upgrade process.  Hence, a unified document attached to the KB article addressed all the issues mentioned above. A consolidated/unified document related to the RSA Authentication Manager Full Upgrade Process has been created. As this document contains the following sections:  1. Full Upgrade Path of RSA AM (v6.1 to v8.7 P2). 2. Pre-upgrade Steps > Doing Sanity checks and taking backup/snapshots from the RSA AM. 3. Upgrade Steps > Upgrading of Primary then Replica instances. 4. Post-upgrade Steps > Check the detailed logs and Upgrade the Web Tiers and Admin SDK steps if they are being used. 5. Downloads & Documentation > This contains all the download links for all old and new versions as well the guides and known issues for the supported versions. - Public KB Article Link: https://community.rsa.com/t5/securid-knowledge-base/rsa-authentication-manager-upgrade-process/ta-p/695177 ... View more

Article Number 000068076 Applies To RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.x   Issue When upgrading to RSA Authentication Manager 8.x, or from a lower version of 8.x to a more recent version, there are some steps that should be done before the upgrade process as prerequisites, and other steps should be done after the upgrade process is finished to ensure successful upgrade for RSA instance(s). The PDF attached to this KB article includes the links for iso-images for old versions/patches that are no longer supported like 8.1, 8.1 SP1, 8.2, and 8.2 SP1 required for the upgrade process.  Hence, a unified document attached to the KB article addressed all the issues mentioned above. Task A consolidated/unified document related to the RSA Authentication Manager Full Upgrade Process has been created. As this document contains the following sections:  1. Full Upgrade Path of RSA AM (v6.1 to v8.7 P2). 2. Pre-upgrade Steps > Doing Sanity checks and taking backup/snapshots from the RSA AM. 3. Upgrade Steps > Upgrading of Primary then Replica instances. 4. Post-upgrade Steps > Check the detailed logs and Upgrade the Web Tiers and Admin SDK steps if they are being used. 5. Downloads & Documentation > This contains all the download links for all old and new versions as well the guides and known issues for the supported versions. ... View more

Article Number 000067934 Applies To RSA Product Set: SecurID Access RSA Product/Service Type: RSA MFA Agent for Microsoft Windows Version(s): 2.0.x, 2.1.x Issue This article summarizes steps that should be taken to troubleshoot the RSA MFA Agent. Resolution Check the list of common issues and solutions in the Installation and Administration Guide for your RSA MFA Agent version, "Chapter 5: Troubleshooting", section "Issues and Resolutions". If that does not help you to fix the problem, then on the Windows computer that is encountering the issue, look for errors logged in the following location of Windows Event Viewer, around the date and time that the problem occurred: Applications and Services Logs > RSA MFA Agent If no recent events are logged, check that the RSA MFA Agent service is running.   The service must be running, and must be set to start automatically at startup.  If need be, start the RSA MFA Agent then check if the issue still occurs. Workaround If help is needed from SecurID Support please do the following steps in the order shown to get a comprehensive set of data that can be analyzed for the RSA MFA Agent: Enable trace logging in the RSA MFA Agent.  For instructions, see "Chapter 5: Troubleshooting", section "Enable Tracing" in the Installation and Administration Guide for your RSA MFA Agent version.  Make a note of the location configured where log files are to be saved.  Note:  If possible, leave trace logging enabled until the issue has been remediated in case logs are needed for another instance of the problem.   The instructions also explain how to limit the amount of disk space that trace logging consumes. If the RSA MFA Agent is connected to SecurID Authentication Manager (AM), configure logging in AM for Trace Log.  On the primary and all replicas, make a note of the current log level for Trace Log then set it to Verbose on all AM servers. Reproduce the issue or wait for it to occur, noting the date, time and user id for the attempt.  Consider using a mobile phone or similar to video any unusual behaviour and/or take a photo or make a note of any error messages displayed. If the RSA MFA Agent is connected to SecurID Authentication Manager (AM), then immediately after reproducing the issue, set Trace Log back to its original log level on all AM servers.  It is very important not to leave it at Verbose for extended periods of time, as it will generate huge amounts of log data which can negatively impact production. Raise a Support case if you do not have one already, then send all of the following items to Support.  Or you may prefer to wait and check with the support engineer assigned to the case to determine which of these items are most likely to be needed:: From Windows Event Viewer, save events in both .evtx and .txt formats from all of the categories below. Save all events, or at least all events since the last time the computer was last powered on before the issue was reproduced (see step 3 above): Windows Logs > Application Windows Logs > Security Windows Logs > System Applications and Services Logs > Microsoft > Windows > Crypto-DPAPI >  Operational Applications and Services Logs > RSA MFA Agent All files from the RSA MFA Agent's tracing output file location (the default location is C:\ProgramData\RSA\Logfiles) Date, time and user id when the issue occurred at step 3 above, plus any videos, photos and description of the problem and error messages. If the RSA MFA Agent is connected directly to the SecurID Cloud Authentication Service, or if it is connected to it via Authentication Manager as a proxy, then in the User Event Monitor take a screenshot or "print to PDF" of all events for the user around the time the issue was reproduced at step 3 above.  If no events were logged around that time, please inform Support. If the RSA MFA Agent is connected to SecurID Authentication Manager (AM): generate a report of all authentication activity events for the user around the time the issue was reproduced at step 3 above .  If no events were logged around that time, please inform Support. from the authentication activity report, determine which AM server (primary or a replica) handled the authentication at step 3 above.  On that AM server, download all troubleshooting files .  Be sure to remember the password that was set for the troubleshooting files, and send that to Support too. ... View more