TSS7060E MFA20107 RADIUS Access_Challenge returned

book

Article ID: 208912

calendar_today

Updated On:

Products

CA Top Secret CA Advanced Authentication Mainframe

Issue/Introduction

Mainframe logon (application TPX) receives the following on the TPX  Logon screen: 

TSS7060E MFA20107 RADIUS Access_Challenge returned

 MFASTC STDOUT
2021-02-11 19:34:12,501 ThreadID:21 -- RADIUS returned Access-Challenge packet...                                       
2021-02-11 19:34:12,503 ThreadID:21 -- Access-Challenge packet reply message = 'Enter Your Microsoft verification code' 



 

 
 
 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The message "RADIUS returned Access-Challenge packet" normally means that there's an issue with the user's Token code on the Radius server-side. 
Typically it's a Next-token event to resynchronize (reset) the token after a number of passcode failures. 
 
Top Secret AAM has Next-token support for RSA,  but currently  "Radius" does not support Next-token resync from the end-user's terminal. It needs to be resync'd from the server admin function. 
Check the user's account from the Radius server admin function to see if the token is in Next-token status.
It is also possible the user's account is locked.