Authentication fails with error NS_MISMATCH_SERVER_HAS_BUT_AGENT_DOESNT
Originally Published: 2015-07-30
Article Number
000049746
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 SP4
 
Issue

All authentications from an agent are failing.

The authentication activity log or real-time activity monitor reports the following error codes:

AUTH_NODE_VERIFICATION    23005    2 
NS_MISMATCH_SERVER_HAS_BUT_AGENT_DOESNT

Cause

Message id AUTH_NODE_VERIFICATION means "The agent's node secret stored on the server is not the node secret used to encrypt the packet." 

The result NS_MISMATCH_SERVER_HAS_BUT_AGENT_DOESNT means "Node secret mismatch: cleared on agent but not on server". You should get this additional information if you search for the corresponding record (same date/time and agent IP address) in the authentication activity log.

These codes confirm that this particular authentication request did get through from the agent to the RSA Authentication Manager server or appliance; however, the authentication failed due to the node secret issue.

Resolution

Clear the node secret for this agent on the RSA Authentication Manager server or appliance.

Notes
Refer to the RSA Authentication Manager 7.1 Administrator’s Guide for more information about node secrets.
For instructions to clear the node secret for an agent, log in to the RSA Security Console, then from the Home tab click "All Help Topics" to navigate to RSA Security Console Help > Authentication Agents > Manage the Node Secret.