I have two NetScalers running in an HA pair. Initially they were both running 9.3 (I know, so old; doing a lot of cleanup here). I upgraded the passive node to 10.5. This morning I failed the 10.5 node over to become primary and began testing. When attempting to log into the access gateway using my username, password, and RSA key, I was getting an invalid credentials error message.
I took a look in our RSA console and saw that there was an error being logged each time I attempted to log on: "Authenticationmethod failed passcode format error". This message typically refers to an incorrect shared secret for the RSA client and server; however, I confirmed that the same shared secret was present. I did this by looking at the running config of both the active and passive nodes; they both had the same encrypted RADKEY listed.
I also confirmed in the RSA console that the NetScaler's SNIP was listed, and I can see the error originating from the SNIP of the NetScaler.
I have since failed back over to the NetScaler running on version 9.3 until I can figure out why RSA is not passing the correct PIN.
From my understanding, since these two were in an HA pair, the primary node and secondary node were in sync prior to the upgrade. This would mean that the RSA server and shared secret should be the same on each of the NetScalers. What I don't understand is that failing back to the 9.3 version allows RSA auth to succeed and proceed to the published app screen.
Any help is appreciated.