TSS7060E MFA20107 RADIUS Access_Challenge returned
search cancel

TSS7060E MFA20107 RADIUS Access_Challenge returned


Article ID: 208912


Updated On:


Top Secret Advanced Authentication Mainframe


Mainframe logon (application TPX) receives the following on the TPX  Logon screen: 

TSS7060E MFA20107 RADIUS Access_Challenge returned

2021-02-11 19:34:12,501 ThreadID:21 -- RADIUS returned Access-Challenge packet...                                       
2021-02-11 19:34:12,503 ThreadID:21 -- Access-Challenge packet reply message = 'Enter Your Microsoft verification code' 




Release : 16.0

Component : CA Top Secret for z/OS


The message "RADIUS returned Access-Challenge packet" normally means that there's an issue with the user's Token code on the Radius server-side. 
Typically it's a Next-token event to resynchronize (reset) the token after a number of passcode failures. 
Top Secret AAM has Next-token support for RSA,  but currently  "Radius" does not support Next-token resync from the end-user's terminal. It needs to be resync'd from the server admin function. 
Check the user's account from the Radius server admin function to see if the token is in Next-token status.
It is also possible the user's account is locked.
Typically, when the user is locked out or requires resync, they would be notified via email or they can sign-on to their self service site to resync.