aservers occasionally are unable to decrypt tokens from other aservers.
Originally Published: 2009-02-04
Article Number
Applies To
Issue
IWA authentication method loops continually without sending authenticated user to protected page.
aserver logs show the following error message directly associated with each IWA authentication failure:
sequence_number=5943,remote_client=aserver1,2009-02-03 15:59:52:344 GMT+00:00,messageID=6,client_ip_address=192.168.0.1,client_port=38547,result_code=0,result_action=User Token Failed,result_reason=Token error
Cause
Resolution
Check to ensure that there are no typos in the keyserver.conf files. Specifically check to ensure that each keyserver has a unique name defined for
cleartrust.keyserver.local_id
and that host name defined in the parameter refers to the physical machine where the keyserver resides.
Workaround
Notes
Related Articles
Error "System was modified beyond the allowed threshold, cannot decrypt" on RSA Authentication Manager 8.x Number of Views How to decrypt RADIUS traffic using Wireshark with RSA Authentication Manager Number of Views Bluecoat SSL Visibility "Traffic between Google Chrome and Google services, such as Gmail, can no longer be decrypted by S… Number of Views Corrections to RSA SecurID Token Record Decryption Guide Number of Views 'decrypt error: IV missing' in Java auth API trace log Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle Artifacts to gather in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
