Adding a third RSA server causes SMS login issues
||R80.10, R80.20, R80.30, R80.40, R81
- When the user adds a third RADIUS server object to authenticate users for SmartConsole logins, SmartConsole audit logs show this error:
eason_msg = Access denied - wrong user name or password and log_reason = Failed to generate RADIUS auth request".
- FWM debug on SMS shows:
fwm_cpmi_auth_handler_2: Login failed for : Wrong Password
- FWM below debug shows:
Administrator was not found in fwm database".
- Changing the color code on the RADIUS server objects resolves the issue.
- Changing the IP address of the host object used by a Radius server can cause this issue.
The RADIUS cache is not updated after the user changes a RADIUS server's host object IP.
This problem was fixed. The fix is included in:
If you choose not to upgrade, Check Point can supply a Hotfix. Contact Check Point Support to get a Hotfix for this issue.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
For faster resolution and verification, please collect CPinfo files from the Security Management Server and Security Gateways involved in the case.
Hotfix installation instructions:
Refer to sk168597 - How to install a Hotfix.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.