RSA MFA Agent for Windows logs a warning that "System cannot access location data for this computer"
a year ago
Originally Published: 2025-02-24
Article Number
000073202
Applies To

RSA ID Plus

RSA MFA Agent for Windows (all versions)

Issue

The RSA MFA Agent for Windows (MFA Agent) is logging a Warning event to Windows Event Viewer in category Applications and Services Logs > RSA MFA Agent.

The warning is logged with Event ID 1110 and the description System cannot access location data for this computer for user 'username'.

 

Event Viewer

This warning only impacts authentications when:

  • The MFA Agent is configured to connect to the RSA Cloud Authentication Service (CAS) either directly, or using RSA Authentication Manager as a secure proxy for CAS.
  • The CAS Access Policy set in GPO Policy for the MFA Agent, has conditions that rely on collection of the IP address or location (latitude and longitude) of the computer where the MFA Agent is running.  See page Condition Attributes for Access Policies .   If the required location data cannot be collected, then it will default to an "untrusted" location or unknown IP address.

See also sections "Specify the Cloud Authentication Service Access Policy", "Collect System Attributes for Cloud Authentication Service Access Policy" and "Specify Location Collection Timeout" in the RSA MFA Agent for Microsoft Windows Group Policy Object Template Guide for your MFA Agent version.

 

Cause

The MFA Agent GPO Policy "Collect System Attributes for Cloud Authentication Service Access Policy" is either Not Configured (which defaults to Enabled), or it is Enabled.  However, Microsoft Windows is unable to provide the MFA Agent with the location of the computer where it is running.

This can be because:

  • Microsoft Windows' location service is disabled, or
  • Microsoft Windows' location service is disabled for the RSA MFA Agent for Windows
  • Microsoft Windows could not provide location information information within the timeout specified by the MFA Agent GPO Setting "Specify Location Collection Timeout", or
  • Microsoft Windows encountered an error obtaining location or IP data, or
  • Location information is temporarily unavailable (e.g. the computer's network connection is down)

 

Resolution
  1. Check the RSA MFA Agent Cloud Authentication Service Access Policy in GPO to find out which CAS Access Policy is configured for the MFA Agent.
  2. Review that CAS Access Policy in the Cloud Administration Console to determine if it contains conditions that rely on IP address or location.

Next steps, depending on the Access Policy conditions are:

  • If the CAS Access Policy does not have conditions that rely on collection of the IP address or location, then there is no need for the MFA Agent to collect location data.  The warning can be ignored.   However, to prevent unnecessary location checks and stop the warning being logged, it is preferable to change the MFA Agent GPO Policy "Collect System Attributes for Cloud Authentication Service Access Policy" to Disabled.
  • If the CAS Access Policy does have conditions that rely on collection of the IP address or location:
    • If the Microsoft Windows' location service is disabled, or disabled for the RSA MFA Agent for Windows, Enable it.
    • If the Microsoft Windows' location service is enabled, the MFA Agent logs should be checked for any additional information that may help you troubleshoot the issue.  To get the MFA Agent logs, follow the "Advanced Troubleshooting" steps in KB article Troubleshooting RSA MFA Agent for Microsoft Windows .  At step 8b) get the following items:
      • RSA MFA Agent Logs
      • Windows Event Viewer (in each category, include all events around the date/time the issue has occurred)
        • Windows Logs > Application
        • Windows Logs > Security
        • Windows Logs > System
        • Applications and Services Logs > RSA MFA Agent

 

Notes

Related Articles

Trending Articles

Don't see what you're looking for?