RSA Web Agent 7.1.3 SharePoint WFEs Authentication with Multiple IP Addresses

Posted by Ivan Sanders on February 23rd 2015 to SharePoint    Tagged , , , ,    

image4

 

If you are unable to authenticate the after installation and configuration of the RSA WebAgent, you have downloaded the agent from EMC http://www.emc.com/security/rsa-securid/rsa-authentication-agents/iis-7-1.htm,  followed the installation instructions.

Configuration and Errors

  1. You have created and copied the sdconf.rec file to %windir%/system32 and to the C:\Program files\RSA Security\RSAWebAgent
  2. When attempting to authenticate you receive “100:Access denied. The RSA ACE/Server rejected the Passcode. Please try again.”
  3. The application Event viewer  there is an Event ID: 1012, Source: ACEClIENT “Multihomed host detected: Primary IP assumed xxx.xxx.xxx.xxx” and this is not the IP Address you are using for your Extended Web App.

The secureid file will not be created and you will not be able to authenticate

 

 

RSA Rulesimage

Whenever there are multiple IP Addresses (Multi homed Servers) on a Web Server and the Default Address  is not the primary Addresses used for RSA Authentication . The RSA Agent will NOT create the SecureID file on first authentication and the request will timeout…

  1. If the SharePoint server is configured as the WFE, and you are installing the RSA WebAgent to secure external access, ensure the Local System account has read/write access for the following registry key: HKLM\Software\SDTI\ACECLIENT. This ensures that SharePoint WFE is able to write the secret to the registry.
  2. If the SharePoint WFE  has multiple IP Addresses, you will need to explicitly configure the network adapter address through which SharePoint WFE connects to the RSA Authentication Manager for authentication or authentication will fail. To do this, create a new String Value PrimaryInterfaceIP in the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\AceClient\.
  3. Double Click on  HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\AceClient\PrimaryInterfaceIP 
  4. Add the IP Address as the value data.  The value specified must match that set in the agent host record.

 

Don’t forget SharePoint Saturday in Utah next Saturday

clip_image011

SharePoint administrators, end users, architects, developers, and other professionals that work with Microsoft SharePoint Technologies will meet for:

SharePoint Saturday Utah on February 28th 2015 at the University of Utah David Eccles School of Business located at 1655 Campus Center Dr. Salt Lake City, UT 84112.

 

 

 

 

Cheers,

 

Ivan Sanders
SharePoint MVP / MCT

Blog: http://blogs.msmvps.com/ivansanders/

clip_image002 clip_image004 clip_image006 clip_image007 clip_image009 clip_image010

No Comments

No comments yet. Be the first.

Leave a Reply