OPERATIONAL DEFECT DATABASE
...
...
The following can be observed in the authentication detailed output: 24500 Authenticating user against the RSA SecurID Server - RSA SecurID 24564 Passcode cache is not enabled in the RSA identity store configuration - RSA SecurID 24501 A session is established with the RSA SecurID Server - RSA SecurID (step latency=4913 ms Step latency=4913 ms) 24504 The lock user request has failed - RSA SecurID (step latency=25011 ms Step latency=25011 ms) RSA shows: Node secret verification Verifying node secret for the agent ?isenode.domain.com?
ISE 2.3 RSA SecurID
ade # su - oracle Last login: Tue Aug 18 20:47:58 CST 2020 [oracle@cricppiseapp01 ~]$ [oracle@cricppiseapp01 ~]$ [oracle@cricppiseapp01 ~]$ sqlplus /@cpm10 SQL> select sec_resguid from sec_res_master where sec_res_name like '%RSA SecurID%'; SEC_RESGUID ---------------------------------------------------------------------------------------------------- XXXXXXXX SQL> delete from sec_res_master where sec_res_name='RSA SecurID' AND SEC_RESGUID='XXXXXXXX'; SQL> commit; restart of the ISE services (application stop/start ise) Please NOTE - Running above SQL query will delete complete RSA config and we will need to re-configure the RSA Scure ID by importing the sdconf and sdopts file on ISE GUI . https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.html#ID1516 option 2) Need to reset the secure ID file agent(ISE) as well Please go to RSA secureID config and click on RSA Instance files. Please select the node on it and click on reset secure ID file no action tab . Then select the remove and save it.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
