The default location for the Defender Security Server log files is %ProgramFiles%\One Identity\Defender\Security Server\Logs.
To analyse the Defender Security Server log files, take the following actions:
<Time> Radius request: Access-Request for <User Id> from <Client IP> through NAS:<Access Node Name> Request ID: <N/A> Session ID: <Unique Session ID>
Tue 18 Aug 2009 11:57:10 Radius Request from 192.168.10.106:2951 Request ID: 31
Tue 18 Aug 2009 11:57:10 Radius request: Access-Request for testuser from 192.100.10.106:2951 through NAS:WebMail Request ID: 31 Session ID: 8A89040F
Tue 18 Aug 2009 11:57:10 User testuser authenticated with Active Directory Password Session ID:8A89040F
Tue 18 Aug 2009 11:57:10 Radius response: Authentication Acknowledged User-Name: testuser, Request ID: 31 Session ID: 8A89040F
Message |
Meaning |
Recommended actions |
|
Incorrect token response. |
|
|
User’s account is locked in Defender. |
Use the Defender Administration Console to reset violation count for the user. |
|
Incorrect Active Directory password. |
Verify the correct password is being entered. |
|
Session timed out while waiting for user response. |
Verify connectivity between the client and the Defender Security Server on the configured RADIUS port. |
Radius response: Authentication Rejected User-Name: testuser |
This message can be caused by one of the following:
|
|
|
Active Directory search has failed. This can happen if, for example, the child domain is unavailable. |
Verify that the Defender service account has sufficient permissions or is a member of the Domain Administrators group. |
|
The Defender service account does not have sufficient permissions in Active Directory to update the user’s token information. |
Verify that the Defender service account has sufficient permissions or is a member of the Domain Administrators group. |
If Step 1: Gather required information and Step 2: Analyze Defender Security Server log have not resolved the issue, further diagnostics may be required, including collecting environmental details and tracing. Contact One Identity Support for advice on how to enable tracing. You will need to provide the version number of the Defender Administration Console and Defender Security Server you are using. Normally, you can find the Defender trace files in the following location: %ProgramData%\One Identity\Diagnostics.
Steps to troubleshoot DIGIPASS hardware token issues are:
If the answer is Yes to any of the next questions, refer to the steps described in One Identity Knowledge Article SOL45444 “Defender token failures”.
If the answer to the above questions is No, go to the next step.
If so, this means the token is set to display it’s type, that is, DIGIPASS GO 7, before the number. This is not an error. Ask the user to log on with the number displayed. If this is not successful, go to the next step.
If a six digit number is displayed immediately, go to the next step.
Gather and record the following information:
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center