Monday, August 22, 2011

100 Access Denied RSA ACE/server rejected the passcode that you have supplied. Try again with a valid passcode.


This post covers the following error during TMG 2010 RSA integration, and its solution. You receive this error because the secureid file is not present in one of these directories:

  • C:\Windows\System32 directory
  • E:\Program Files\Microsoft Forefront Threat Management Gateway\sdconfig

What does the SecureID file do?

The SecureID file contains the node secret encryption key. If the SecureID file is missing on your server, there are problems with creating the secure ID on the TMG servers. The RSA server passes this file back to the TMG server after the first successful authentication, and the TMG server is supposed to put it into the SDCONFIG folder under the directory where you installed TMG. The bottom line is that the file has to be in both of the directories above for RSA to work. You can ask your RSA admin to create this file manually and give it to you to put on the TMG server.

Sometimes the file gets created in the SYSTEM32 directory but is not present in the SDCONFIG directory. If this is the case, you have to copy it manually from SYSTEM32 into the SDCONFIG directory.

Solution:
Manually create the secureid file on the RSA server if it is not present, and give it to the TMG administrator to place in two locations on the TMG server. If it is present in SYSTEM32, copy it manually to the SDCONFIG directory.

  • C:\Windows\System32 directory
  • E:\Program Files\Microsoft Forefront Threat Management Gateway\sdconfig
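
The check and copy described in the solution above, as an added PowerShell example (not from the original post). It assumes the node secret file is named `securid` and that TMG is installed on E: as in the post; the `-Repair` switch and the hash comparison of the two copies are additions for illustration.

```powershell
# Added example, not from the original post. Run from an elevated 64-bit PowerShell
# (a 32-bit host is silently redirected from System32 to SysWOW64).
param(
    [string]$FileName = 'securid',   # assumption: the agent's usual node secret file name
    [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
    [string]$SdConfig = 'E:\Program Files\Microsoft Forefront Threat Management Gateway\sdconfig',
    [switch]$Repair                  # hypothetical switch: copy System32 -> sdconfig if missing
)

function Get-NodeSecretState([string]$Path) {
    # Returns $null when the file is absent; otherwise size, timestamp and SHA-256.
    # Only the hash is reported, never the contents, because the file holds the node secret.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $item   = Get-Item -LiteralPath $Path -Force
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
    New-Object PSObject -Property @{
        Path = $item.FullName; Length = $item.Length
        LastWrite = $item.LastWriteTime; Sha256 = $hash
    }
}

$src = Get-NodeSecretState (Join-Path $System32 $FileName)
$dst = Get-NodeSecretState (Join-Path $SdConfig $FileName)

if (-not $src -and -not $dst) {
    Write-Warning "$FileName is missing from both directories; ask the RSA administrator to generate it."
}
elseif ($src -and -not $dst) {
    Write-Warning "$FileName exists in System32 but not in sdconfig."
    if ($Repair) {
        Copy-Item -LiteralPath $src.Path -Destination $SdConfig
        Write-Output "Copied $FileName to $SdConfig"
    }
}
elseif ($dst -and -not $src) {
    Write-Warning "$FileName exists in sdconfig but not in System32; the post requires it in both."
}
elseif ($src.Sha256 -ne $dst.Sha256) {
    Write-Warning "The two copies differ; one of them may hold a stale node secret."
}
else {
    Write-Output "$FileName is present in both directories and the copies match."
}
$src, $dst | Where-Object { $_ } | Select-Object Path, Length, LastWrite, Sha256
```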


The SDTEST Authentication Utility is used to verify that a computer running TMG Server can authenticate to a computer running RSA Authentication Manager. Note the following: SDTEST.EXE requires the SDCONF.REC to be located in the …system32 folder to run and test authentication successfully.

Install SDTEST into the same directory as the TMG installation; in my case this is on the E drive:

E:\Program Files\Microsoft Forefront Threat Management Gateway

 


Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

3 comments:

VA's RHD Hachi Roku said...

Do you have a free RSA server setup in your lab? I would like to play around with it in my lab, but not sure if there is anything free for demo'ing?

Anonymous said...

Could you post how you were able to display the Username, Passcode and AD Password prompt? We would like to deploy that very same login screen as well.

Active Directory Group Membership said...

Hi all,

To prevent the exposure of password to anyone having access to file transfer scripts, the designers of SFTP did not provide the ability to include passwords in script commands. Thanks a lot.....