Refresh the Node Secret
Problems with the node secret can result in authentication or node verification errors. Refresh the node secret when:
The node secret on the authentication agent is lost, for example, when you restore the original system image on a hardware appliance or you reinstall the agent.
The authentication agent record is deleted or re-added.
The node secret is deleted from one end of the connection but not the other, for example, the node secret is deleted from the RSA Authentication Manager appliance but not from an associated authentication agent.
You do not need to refresh the node secret when you change the authentication agent name or IP address.
Before you begin
On Windows 2008, Windows Vista, and Windows 7 or later, with the User Account Control feature enabled, the agent_nsload utility must be run from an elevated command prompt if the node secret is being stored at the default location, drive:\%windir%\system32.
The sdconf.rec file must be present in the destination folder on the authentication agent machine.
Procedure
Create a node secret. For instructions, see Manage the Node Secret.
From the RSA Authentication Manager Extras ZIP file, copy agent_nsload from the rsa-ace_nsload directory to the machine on which the agent is installed. Use the utility version that is specific to your platform.
From a command line on the machine on which the agent is installed, type:
agent_nsload -f path -p password
where:
- path is the directory location and name of the node secret file.
- password is the password used to protect the node secret file.
You can also enter the password when prompted.
For example, to extract the node secret to the default location, using the agent_nsload utility, type:
On UNIX:
agent_nsload -f /default_dir/nodesecret.rec
On Windows:
agent_nsload -f C:\default_path\ nodesecret.rec
To extract the node secret to a user-defined location, using the agent_nsload utility, type:
On UNIX:
agent_nsload -f /VAR_ACE/nodesecret.rec -d /VAR_ACE/new_dir/
On Windows:
agent_nsload -f C:<windows path>\System32\ nodesecret.rec -d C:\<windows path>\System32\new_dir\
Related Articles
User initially shows passcode accepted and node secret sent, but second authentication fails with node secret mismatch: cl… Number of Views Authentication Manager Node secret mismatch on TMG or UAG Number of Views Manage the Node Secret Number of Views Manually creating the node secret for RSA Authenticaiton Manager fails on Microsoft Forefront Threat Management Gateway Number of Views How to recreate the node secret for RADIUS Server in RSA Authentication Manager 8.x Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
