Should your Authlogics MFA deployment not operate as expected and logins are failing for some or all users, below is a step-by-step process to follow which will help isolate the issue and determine where the issue may be.
Firstly, if the issue is impacting All the users, then the most likely cause is at the server level. Conversely, if the issue is only impacting a single user / workstation, then the issue is most likely localised to their workstation or user account.
Should any failures or steps fail, refer to the Windows Event Logs - Application Logs for a potential reason for the failure. Failures will be reflected by Warning and Error messages.
In order to troubleshoot your MFA deployment, please perform the following steps:
- When using the Authlogics Authenticator app, ensure that the time and locale of both the mobile device and the Authlogics Authentication Server are correct. Authlogics MFA utilises the UTC time and unique device ID to generate OTCs on the mobile device and, should the times be significantly off (typically a few minutes), the OTCs expected by the server will not be what the user is supplying resulting in failed logins.
- On an Authlogics Authentication Server, open the Self-service Portal and ensure that you are able to use MFA to authenticate the user having the issue.
- Repeat this process for all Authlogics Authentication Servers deployed in the environment.
- On a client workstation, using a web browser, ensure that you can browse to all the Authlogics Servers' self-service portal on ports 14443 and/or 443.
- Should this step fail, then no agents will be able to operate as they communicate with the Server over HTTPs.
- Ensure that the all firewalls and routing allows communication from the agents to the server over HTTPs.
- Should you be able to browse to the self service portal on a port other than 14443 (443 as an example), please ensure that you agents are configured to access the Authentication servers over Port 443.
- Using the Authlogics agent, retry an MFA user login.
- If this fails still, open the Windows Event Logs - Application and look for any indication of an error/warning which will provide insight to what the issue may be.
- Ensure that the Agent is detecting that the Agent is reflecting Online. The screenshot below is from the Desktop Agent showing the Agent is Online
If all the tests above pass but the Agent is reflecting Offline, there most likely cause is that the Online detection is timing out. This timeout can be increased for all the Authlogics agents. Increase the timeout and retry the operation.
Please refer to the Agent's documentation on how to increase the Authlogics Authentication Server timeout.
If the issue persists, please enable the Diagnostic logging and send the resulting logs and detailed description of the issue to Authlogics Support for further assistance.
Please refer to the relevant Authlogics software's KB articles for details on how to enable diagnostic logging:
0 Comments