Common Issues

To communicate with the user's RSA AM Server, Unified Access Gateway uses the RSA SecurID client which connects on TCP port 5555. If there is a firewall in between that blocks this TCP port, or the RSA AM Server is not reachable, SecurID authentication fails. For more information, see KB 88002.

RSA API on RSA Authentication Manager is not enabled

By default, the Enable Authentication API setting is not enabled in the RSA SecurID Authentication API section of RSA AM Server. For more information, see KB 88003.

RSA AM Certificate issues with UAG 2111 and later

When configuring RSA SecurID on Unified Access Gateway, the SSL certificate on the RSA AM Server might not be trusted if it is a self-signed certificate, or a certificate not issued by a trusted Certificate Authority. In such scenarios, it is necessary to obtain the public certificate or issuer certificate from the RSA AM Server and upload it to Unified Access Gateway to allow this trust. For more information, see KB 88004.

FAIL reason-code: VERIFY_ERROR logged in UAG authbroker.log

When Unified Access Gateway performs an RSA SecurID authentication attempt against RSA AM Server with the credentials entered by the user, the outcome is logged in the /opt/vmware/gateway/logs/authbroker.log file included with the logs .zip set.

To grant access for the user, Unified Access Gateway must receive CREDENTIAL_VERIFIED response from RSA AM. However, there can be several scenarios when the response code returned is VERIFY_ERROR. For more information, see KB 88005.