Microsoft Windows 2003 Server
The Agent trace below indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting.
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(229): DASvcDLReceiver::run() - received a OP_USER_SECRET
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(571): DASvcDLReceiver::receiveUserSecret - entry
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(630): DASvcDLReceiver::receiveUserSecret - LAC or DAC receiving user secret?
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=84 (DPS_OP_USER_SECRET)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(210): DASvcDLReceiver::run() - creating new op to read
16:41:46 Thr: 0x9d0 dps_dl.cpp(70): DpsDL::DpsDL network vcheck(1).
16:41:46 Thr: 0x9d0 dps_dl.cpp(71): DpsDL::DpsDL network recvTimeoutSecs(120).
16:41:46 Thr: 0x9d0 dps_dl.cpp(283): DpsDL::startDeserialization check version value1.
16:41:46 Thr: 0x9d0 dps_dl.cpp(310): DpsDL::startDeserialization check version 1.
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(28): DpsDLRequestOp::DpsDLRequestOp() - entering
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(33): DpsDLRequestOp::DpsDLRequestOp() - received Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(214): DASvcDLReceiver::run() about to switch on op type
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(259): DASvcDLReceiver::run() - received unexpected OP
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(289): DASvcDLReceiver::run() - returning DA_PROTOCOL_ERROR (17)
The Agent trace above indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting. The AuthMgr will only do this if it thinks the Agent host is a DAC or DAH. It is possible that the LAC/DC must have been converted from a DAC/DAH.
This has been part of the release notes in cumulative hot fix 138. This has been described as BugID 55499. When you convert your deployment from the Domain Authentication solution to the Local Authentication solution, custom settings, such as the location of the offline days file folder, are reverted to default settings. After replacing the Domain Authentication Server component with the Local Authentication client component, users are unable to download offline days.
To resolve this issue:
1. Remove the Agent Host record for the domain controller from the Authentication Manager database.
2. Add the Agent host it manually ( or by auto registration ) as a Net OS Agent.
3. Use the RSA Security Center on the domain controller to clear the Node Secret on the domain controller.
4. Perform test authentication. Offline data will download immediately.
Related Articles
RSA SecurID Software Token for Android Downloads Number of Views How to verify that RSA Authentication Agent for Windows can perform challenge user lookups across different Active Directo… Number of Views Download Troubleshooting Files Number of Views SCIM API for User Modification Number of Views Can a running review be refreshed without losing the completed work in RSA Identity Governance & Lifecycle? Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager 8.x import of replacement certificate fails with the error This certificate is already imported Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory How to factory reset an RSA Authentication Manager 8.x hardware appliance without a factory reset button from the Operatio… RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
