RSA Secure Logon via SecurID Passcode

Our RSA administrators are required to use 2 Factors Authentication (2FA) for access to the RSA Security Console.  However, the RSA Secure Logon prompts for Password by default.  The administrator is not able to logon using SecurID Passcode (i.e. RSA 2FA).

  

In order to enable the administrators to access the RSA Security Console using RSA 2FA, the following steps are carried out to enable logon via SecurID Passcode:

1.     Access the Security Console via https://<FQDN>:7004/console-ims and select Authentication Methods under the Setup tab.  You will notice that the Console Authentication was configured to accept either LDAP_Password or RSA_Password.

2.     Append /SecurID_Native immediately after RSA_Password/LDAP_Password under Console Authentication and click Save.

3.     When the Confirmation Required dialog box appears, click on the box beside Update Authentication Methods Configuration Confirmation: to update authentication methods configuration and click on Update Authentication Methods Configuration.
 

4.     The next screen will shows the below message:

              Updated authentication configuration setting.

5.     Logout off from the Security Console and re-access the Security Console via https://<FQDN>:7004/console-ims.

6.     You will notice that the RSA Secure Logon allows the administrator to select the different Authentication Method (i.e. either Password or SecurID Passcode).

 

The administrators will now able to access the Security Console using 2FA via the SecurID Passcode (i.e. PIN + RSA token code).

Error 1324: The path RSA Security contains an invalid character (2)

Due to a security vulnerability found in the older version of the RSA agent, we upgraded the RSA agent for all Windows 2003 servers to 7.1.2.  Majority of the upgrade were smooth except the 2 Exchange 2003 servers.  When trying to upgrade the RSA agent on the Exchange servers to version 7.1.2, we encountered the below error message:

Error 1324: The path RSA Security contains an invalid character.

Removing the RSA related folders and registry settings mentioned in the previous blog post does not help. 

We found out that the service “RSA Authentication Agent Offline Local” still appear under Services although we have uninstalled the RSA agent which is of an older version.  The Status is blank although the Startup Type = Automatic.

Did a search for the registry key related to “RSA Authentication Agent Offline Local” and found the below registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OASVC_Local

We deleted the key and did a reboot of the Windows 2003 x86 server. After that, we re-install the RSA Agent again without any problem.

 

Windows 2012 Server Core: How To Get Back The Command Prompt?

Many of us are used to type exit to close off the Command Prompt.  In older versions of the Windows OS, it is easier to get back the Command Prompt.  This is not so for those Server Cores, the Command Prompt will not re-appear even if you tried to logout of the server and logon again.

In order to get back the Command Prompt, the following steps need to be carried out:

1.     Press and hold all the 3 keys; [Ctrl] + left [Shift] + [Esc]

2.     When the Task Manager will opened up, click File > Run new task.

3.     Key cmd and click the OK button

The Command Prompt will then appear.

 

Windows 2012 Server Core: How To Get Windows Explorer?

In order to get the Windows Explorer, the following steps need to be carried out:

1.     Open up the Task Manager by issuing the below command at the command prompt:

C:\taskmgr

2.     Click File > Run new task and click on the Browse… button.

The Windows Explorer will then appear.
 

Windows 2012 Server Core: About Windows Updates

Some Window 2012 Server Core servers have gone “live” in our production environment.  Hence, I am expected to know how to manage those servers.  In this post, it will be about Windows Updates for the Server Cores. 

In order to verify the current Windows Update setting, the below command need to be issued at the command prompt:

C:\windows\system32>cscript scregedit.wsf /au /v

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update AUOptions Value not set.

In order to start the Windows Update service, the below command need to be issued at the command prompt:

C:\windows\system32>net start wuauserv

The Windows Update service is starting.

The Windows Update service was started successfully.

In order to view updates installed on a specific date (i.e. 13 Sep 2013), the below command need to be issued at the command prompt:

C:\wmic qfe where (installedon like “9/13/2013”)

http://support.microsoft.com/?kbid=2853587 KANDTIDC Security Update

KB2853587 KANDTI\Admin 9/13/2013
http://support.microsoft.com/?kbid=2870699 KANDTIDC Security Update
KB2870699 KANDTI\Admin 9/13/2013
http://support.microsoft.com/?kbid=2871389 KANDTIDC Security Update
KB2871389 KANDTI\Admin 9/13/2013
http://support.microsoft.com/?kbid=2871777 KANDTIDC Security Update
KB2871777 KANDTI\Admin 9/13/2013

In order to view a specific update (i.e. KB285387), the below command need to be issued at the command prompt:

C:\wmic qfe where “HotfixID = ‘KB285387’”

http://support.microsoft.com/?kbid=2853587 KANDTIDC Security Update

KB2853587 KANDTI\Admin 9/13/2013