User authentication does not work after you select the RSA SecurID option in ISA Server 2006, in Microsoft Forefront Threat Management Gateway, Medium Business Edition, or in Windows Essential Business Server 2008

Article translations Article translations
Article ID: 925165 - View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Expand all | Collapse all

SYMPTOMS

You configure a Web listener for a publishing rule in Microsoft Internet Security and Acceleration (ISA) Server 2006, in Microsoft Forefront Threat Management Gateway, Medium Business Edition, or in Windows Essential Business Server 2008. In this Web listener, you select the RSA SecurID option as the method that ISA Server 2006, Microsoft Forefront Threat Management Gateway, Medium Business Edition, or Windows Essential Business Server 2008 uses to validate client credentials. After you do this, you experience the following symptoms:
  • User authentication does not work.
  • The following error message is logged in the Application log:
    Event Type: Error
    Event Source: ACECLIENT
    Event Category: (1)
    Event ID: 1001
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: File not found: C:\Program Files\Microsoft ISA Server\SDCONFIG.
    Data: 0000: 00000000
Note If you use the Sdtest.exe command-line tool to test authentication, authentication appears to work correctly.

CAUSE

This problem may occur if one or both of the following conditions are true:
  • The computer that is running ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition has multiple network interfaces. Additionally, the PrimaryInterfaceIP registry entry does not contain the IP address that ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition uses to communicate with the RSA ACE/Server.
  • The shared secret file is not stored in the correct location.

RESOLUTION

To troubleshoot this problem, follow these steps:
  1. If the computer that is running ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition has multiple network interfaces, verify that the PrimaryInterfaceIP registry entry contains the IP address of the network interface that ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition uses to communicate with the RSA ACE/Server. This registry entry is located in the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\AceClient\
  2. Verify that all the sessions that are connected to the published server by using the Web publishing rule are closed or disconnected.
  3. If you used the Sdtest.exe command-line tool to create the shared secret with the RSA ACE/Server, you must copy the shared secret file from the %windir%\System32\Sdconfig folder to the ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition installation folder's Sdconfig subfolder. For example, if ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition is installed in the %ProgramFiles%\Microsoft ISA Server folder or in the Microsoft Forefront Threat Management Gateway, Medium Business Edition folder, copy the shared secret file from the %windir%\System32\Sdconfig folder, and then paste it in the %ProgramFiles%\Microsoft ISA Server\Sdconfig folder.
  4. Stop and then restart the Microsoft Firewall service.

MORE INFORMATION

For more information about authentication support for the RSA SecurID option in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc302436.aspx

Properties

Article ID: 925165 - Last Review: May 16, 2007 - Revision: 2.3
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
Keywords: 
kbfirewall kbeventlog kbtshoot kbprb KB925165

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com