TSS7060E MFA20107 RADIUS Access_Challenge returned
search cancel

TSS7060E MFA20107 RADIUS Access_Challenge returned

book

Article ID: 208912

calendar_today

Updated On:

Products

Top Secret Advanced Authentication Mainframe

Issue/Introduction

Mainframe logon (application TPX) receives the following on the TPX  Logon screen: 

TSS7060E MFA20107 RADIUS Access_Challenge returned

 MFASTC STDOUT
2021-02-11 19:34:12,501 ThreadID:21 -- RADIUS returned Access-Challenge packet...                                       
2021-02-11 19:34:12,503 ThreadID:21 -- Access-Challenge packet reply message = 'Enter Your Microsoft verification code' 



 

 
 
 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The message "RADIUS returned Access-Challenge packet" normally means that there's an issue with the user's Token code on the Radius server-side. 
Typically it's a Next-token event to resynchronize (reset) the token after a number of passcode failures. 
 
Top Secret AAM has Next-token support for RSA,  but currently  "Radius" does not support Next-token resync from the end-user's terminal. It needs to be resync'd from the server admin function. 
Check the user's account from the Radius server admin function to see if the token is in Next-token status.
It is also possible the user's account is locked.
 
Typically, when the user is locked out or requires resync, they would be notified via email or they can sign-on to their self service site to resync.