The RSA Authentication Agent for Microsoft Windows may report the following error:

Source: ACECLIENT
Category: ACE/Agent
Event ID: 1002
Description: Authentication Manager is not responding. Run a test authentication using the RSA Security Center or sdinfo on UNIX to verify the port and IP address of the Authentication Manager. Make sure the Authentication Manager process is running.

The agent may have an invalid entry for a Authentication Manager in the sdconf.rec file.

Check the server status from Control Panel | RSA Security Center:

- Select Server Environment in the left pane
- Click Server Status
- Check each server in the dropdown for a Status of "Unused (Server unconnected)"

To create an sdconf.rec file for an individual Authentication Agent with specific Authentication Manager servers:

- Start RSA ACE Server | Database Administration
- Select Agent Host | Edit Agent Host
- Select the host and click OK
- Click Assign Acting Servers
- Select the appropriate Master and Slave Servers
- Click Generate Config File
- Click Yes to commit changes
- Save the file
- Click OK
- Click OK
- Click Assign Acting Servers
- Set Slave and Master to <No Selection> and click OK
- Click OK
- Copy the generated file to C:\WINDOWS\system32 on the Authentication Agent
- Check the server status as above

This will generate the correct sdconf.rec for one Authentication Agent. If the Authentication Manager is misconfigured it will product the incorrect sdconf.rec for all other Authentication Agents.

Check the server settings on the Authentication Manager:

- Start RSA ACE Server | Configuration Tools | Configuration Management
- Click Edit
- Click OK to the warning message
- Ensure Legacy Agent Server is correct or blank
- Ensure RSA ACE/Server Identification is correct
- Click OK

Once this is corrected sdconf.rec files can be generated for agents:

- Start RSA ACE Server | Database Administration
- Select Agent Host | Generate Configuration Files
- Copy the generated file to C:\WINDOWS\system32 on the Authentication Agent
- Check the server status as above


A client side workaround, courtesy of Niclas Sandström. Tested and verified in Windows 2008 RSA Web Agent 7 IIS Windows. Create a C:\WINDOWS\system32\sdopts.rec (x86) or C:\WINDOWS\SysWOW64\sdopts.rec (x64) to specify server preferences:

; ------------------------------------------
;
; 0    = Never use this server.
; 1    = Use server only if no other server is working.
; 2-10 = Priority order (10 = highest). Prio 10 is used 24 times more than prio 2.
;
; ------------------------------------------
;
USESERVER=10.1.1.10, 10 ; SERVER1
USESERVER=10.1.1.20, 1  ; SERVER2
USESERVER=10.1.1.30, 0  ; SERVER3

Each time that you modify the sdopts.rec file, you must restart the Agent to register your changes.