We are testing the RSA windows agent on a virtual desktop delivered by Citrix. After installing the agent on the VDI image, we consistently get authentication failed on every first attempt. Second attempt is successful every time.
We have tried with multiple user accounts and are getting the same results.
Those same users can authenticate just fine at the self-service console.
Has anyone ran into a scenario such as this? Documentation seems to be sparse on this particular topic.
Open the Security Console - Reporting - Real Time Monitor - Authentication.
Then watch some VDI first authentications, to see if they are reaching the AM servers. Or to see if there is some reason for the auth failure.
You can also set verbose logging on the Windows Agent RSA Control Center on the Windows VDI.
The trace.log or SIDAuthenticator(LogonUI).log will show if there was a response from AM or not.
Maybe when the VID first comes up, the VDI environment does not forward packets right away, so the AM server never gets the Authentication request therefore the agent first logon fails due to timeout from no response.