TSS7060E MFA20107 RADIUS Access_Challenge returned


Article ID: 208912


Updated On:


Top Secret Advanced Authentication Mainframe


Mainframe logon (application TPX) receives the following on the TPX  Logon screen: 

TSS7060E MFA20107 RADIUS Access_Challenge returned

2021-02-11 19:34:12,501 ThreadID:21 -- RADIUS returned Access-Challenge packet...                                       
2021-02-11 19:34:12,503 ThreadID:21 -- Access-Challenge packet reply message = 'Enter Your Microsoft verification code' 




Release : 16.0

Component : CA Top Secret for z/OS


The message "RADIUS returned Access-Challenge packet" normally means that there's an issue with the user's Token code on the Radius server-side. 
Typically it's a Next-token event to resynchronize (reset) the token after a number of passcode failures. 
Top Secret AAM has Next-token support for RSA,  but currently  "Radius" does not support Next-token resync from the end-user's terminal. It needs to be resync'd from the server admin function. 
Check the user's account from the Radius server admin function to see if the token is in Next-token status.
It is also possible the user's account is locked.