Microsoft Windows 2003 Server
The Agent trace below indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting.
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(229): DASvcDLReceiver::run() - received a OP_USER_SECRET
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(571): DASvcDLReceiver::receiveUserSecret - entry
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(630): DASvcDLReceiver::receiveUserSecret - LAC or DAC receiving user secret?
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=84 (DPS_OP_USER_SECRET)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(210): DASvcDLReceiver::run() - creating new op to read
16:41:46 Thr: 0x9d0 dps_dl.cpp(70): DpsDL::DpsDL network vcheck(1).
16:41:46 Thr: 0x9d0 dps_dl.cpp(71): DpsDL::DpsDL network recvTimeoutSecs(120).
16:41:46 Thr: 0x9d0 dps_dl.cpp(283): DpsDL::startDeserialization check version value1.
16:41:46 Thr: 0x9d0 dps_dl.cpp(310): DpsDL::startDeserialization check version 1.
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(28): DpsDLRequestOp::DpsDLRequestOp() - entering
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(33): DpsDLRequestOp::DpsDLRequestOp() - received Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(214): DASvcDLReceiver::run() about to switch on op type
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(259): DASvcDLReceiver::run() - received unexpected OP
16:41:46 Thr: 0x9d0 dps_dlrequestop.cpp(40): DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=0 (DPS_OP_UNDEFINED)
16:41:46 Thr: 0x9d0 da_svc_dlreceiver.cpp(289): DASvcDLReceiver::run() - returning DA_PROTOCOL_ERROR (17)
The Agent trace above indicates that the Authentication Manager is sending a User Secret which the Agent is not expecting. The AuthMgr will only do this if it thinks the Agent host is a DAC or DAH. It is possible that the LAC/DC must have been converted from a DAC/DAH.
This has been part of the release notes in cumulative hot fix 138. This has been described as BugID 55499. When you convert your deployment from the Domain Authentication solution to the Local Authentication solution, custom settings, such as the location of the offline days file folder, are reverted to default settings. After replacing the Domain Authentication Server component with the Local Authentication client component, users are unable to download offline days.
To resolve this issue:
1. Remove the Agent Host record for the domain controller from the Authentication Manager database.
2. Add the Agent host it manually ( or by auto registration ) as a Net OS Agent.
3. Use the RSA Security Center on the domain controller to clear the Node Secret on the domain controller.
4. Perform test authentication. Offline data will download immediately.
Related Articles
Download Troubleshooting Files Number of Views RSA SecurID Software Token for Android Downloads Number of Views RSA Authentication Manager 8.5 Identity Router enablement did not succeed, fails to download Number of Views Can a running review be refreshed without losing the completed work in RSA Identity Governance & Lifecycle? Number of Views When attempting to launch the RSA Identity Governance and Lifecycle UI the browser shows a "page can't be displayed" error… Number of Views
Trending Articles
RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server RSA Authentication Manager 8.9 Release Notes (January 2026) How to test RSA Identity Router (IDR) Secure Connector connectivity to the RSA ID Plus Cloud Access Service RSA-2026-07: RSA Identity Router Security Update for Third-Party Component Vulnerabilities How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle
