Forefront Threat Management Gateway

All the latest news and tips on Microsoft Forefront Threat Management Gateway

Walk-through for RSA SecurID Authentication for TMG 2010 Part 1: RSA Authentication Manager 7.1 Server Configuration



Disclaimer: Many of the steps outlining the configuration of the RSA Authentication Manager v 7.1 software are not directly supported by Microsoft. They should be used as a guideline to help familiarize and guide you in this configuration. For additional assistance in directly configuring the RSA Authentication Manager Software, please review your RSA SecurID documentation.

Creating Users and Authentication Agents

Import Tokens from Seed Files

The seed file can be an *.asc or *.xml file and is typically supplied with the token(s). The seed is the token’s factory-encoded random key. Each token has a unique key (seed). The seed file is imported into the associated RSA Authentication Manager server.


Add users and assign a Token to each user

User account information is added to the RSA Authentication Manager. New users are created under the ‘Identity’ tab using the RSA Security Console. These accounts can be AD accounts or manually created. Each account created is assigned a Token.


Synchronize the Token

Each Token has a built-in clock that must be in sync with the RSA Authentication Manager’s clock. If the Token’s clock is out of sync, authentication will fail. It is typically a good idea to synchronize the Token after assigning it to a user.
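Why a drifted clock makes authentication fail, as an added example that is not from the original post and is not RSA's code: the SecurID algorithm is not described here, so RFC 6238 TOTP stands in for it. The 60-second step, the seed value, the acceptance window and the two-code resync routine are all assumptions of this sketch.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per tokencode interval (assumption for this sketch)

def tokencode(seed: bytes, unix_time: int, digits: int = 8) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); a stand-in, not the SecurID algorithm."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed, code, server_time, offset_steps=0, window=1):
    """Accept a code within +/- window steps of (server clock + stored offset).
    Returns the matching step delta, or None when nothing matches."""
    base = server_time + offset_steps * STEP
    for delta in range(-window, window + 1):
        if hmac.compare_digest(tokencode(seed, base + delta * STEP), code):
            return delta
    return None

def resync(seed, code1, code2, server_time, search=10):
    """Recover the token's clock offset (in steps) from two consecutive codes.
    Requiring two codes keeps one guessed code from moving the offset."""
    for delta in range(-search, search + 1):
        t = server_time + delta * STEP
        if (hmac.compare_digest(tokencode(seed, t), code1)
                and hmac.compare_digest(tokencode(seed, t + STEP), code2)):
            return delta
    return None

def demo():
    seed = b"constructed-demo-seed-0001"   # constructed value, not a real seed
    now = 1_700_000_000                    # server clock (constructed)
    drift = 5 * STEP                       # token clock runs five steps fast
    code = tokencode(seed, now + drift)
    before = verify(seed, code, now)       # outside the window: rejected
    offset = resync(seed, code, tokencode(seed, now + drift + STEP), now)
    after = verify(seed, code, now, offset_steps=offset)
    return before, offset, after

if __name__ == "__main__":
    print(demo())
```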

Create Authentication Agents

Authentication Agents are servers or devices that directly authenticate against the RSA Authentication Manager. In this case, the ‘Authentication Agent’ is the TMG server(s). You should create a unique ‘Authentication Agent’ for each TMG server in the array.

Use the resolvable FQDN for the Agent Host

When creating the Agent Host entry, make sure to use the Fully Qualified Domain Name of the ISA server. Also make sure that the RSA Authentication Manager server can correctly resolve this FQDN to the correct internal IP address of the TMG server(s).
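A pre-flight check for the name-resolution requirement above, as an added example that is not part of the original post. It is meant to be run on the machine hosting RSA Authentication Manager so that it sees the same DNS answers; the host names, addresses and status labels are constructed for illustration.

```python
import ipaddress
import socket

def resolve_ipv4(fqdn):
    """Resolve with the local resolver, i.e. as the machine running this sees it."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_agent_hosts(agents, resolver=resolve_ipv4):
    """agents maps Agent Host FQDN -> expected internal IP.
    Returns {fqdn: (status, detail)}."""
    report = {}
    for fqdn, expected in agents.items():
        want = str(ipaddress.ip_address(expected))   # rejects malformed input
        if "." not in fqdn.rstrip("."):
            report[fqdn] = ("NOT_FQDN", "short name, not fully qualified")
            continue
        got = set(resolver(fqdn))
        if not got:
            report[fqdn] = ("UNRESOLVED", "no A record returned")
        elif got == {want}:
            report[fqdn] = ("OK", want)
        elif want in got:
            # More than one address in DNS: the server may pick the wrong one.
            extra = ", ".join(sorted(got - {want}))
            report[fqdn] = ("AMBIGUOUS", "also resolves to " + extra)
        else:
            report[fqdn] = ("WRONG_ADDRESS", "resolves to " + ", ".join(sorted(got)))
    return report

# Constructed sample data: hypothetical array members and DNS answers.
SAMPLE_AGENTS = {
    "tmg1.corp.example": "10.0.0.11",
    "tmg2.corp.example": "10.0.0.12",
    "tmg3.corp.example": "10.0.0.13",
    "tmg4": "10.0.0.14",
}
SAMPLE_DNS = {
    "tmg1.corp.example": ["10.0.0.11"],
    "tmg2.corp.example": ["10.0.0.12", "192.0.2.20"],  # second NIC registered too
    "tmg3.corp.example": ["192.0.2.30"],               # only a non-internal address
}

def sample_report():
    return check_agent_hosts(SAMPLE_AGENTS, lambda name: SAMPLE_DNS.get(name, []))

if __name__ == "__main__":
    for host, (status, detail) in sample_report().items():
        print(f"{status:14} {host}: {detail}")
```

To check real hosts, call `check_agent_hosts` with your own mapping and leave the `resolver` argument at its default.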

Select “Standard Agent” as the Agent Type



Create Configuration File (sdconf.rec) and Node Secrets

Create SDCONF.REC file for each Authentication Agent (each TMG Array Member)

A global SDCONF.REC is generated that contains information for each Authentication Agent. The SDCONF.REC contains RSA Authentication Manager configuration information. This includes ports, processes, etc., essential to the authentication service.

• Copy the SDCONF.REC file from the RSA Authentication Manager to its matching Agent Host computer (i.e. TMG Array Member). Copy to …\system32 and ..\Microsoft TMG Server\sdconfig.

• Create the Node Secrets. The Node Secret is used to authenticate the Authentication Agent machine with the RSA Authentication Manager server. You need to create a separate Node Secret for each Authentication Agent. (Note: There are two separate options available)

1. On the RSA Authentication Manager Server

   • Manually create a node secret for each Authentication Agent. Manually creating a Node Secret on the RSA server creates a file called NODESECRET.REC.

   • Copy each NODESECRET.REC to the matching Authentication Agent machine (i.e. TMG Server) (Note: location you copy to is not important)

   • Copy AGENT_NSLOAD.EXE from the RSA Server to each TMG Array Member (Note: location you copy to is not important)

2. On the TMG Array Members

   • Automatically create Node Secrets using SDTEST.EXE on the TMG Array Members (details to follow)



Richard Barker - Sr Security Support Escalation Engineer, Microsoft CSS Forefront Security Edge Team

  • Can I install RSA Authentication Manager on Hyper-V?

    Many thanks

  • Yes you can, Maz.
