Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

User authentication does not work after you select the RSA SecurID option in ISA Server 2006, in Microsoft Forefront Threat Management Gateway, Medium Business Edition, or in Windows Essential Business Server 2008


Symptoms

You configure a Web listener for a publishing rule in Microsoft Internet Security and Acceleration (ISA) Server 2006, in Microsoft Forefront Threat Management Gateway, Medium Business Edition, or in Windows Essential Business Server 2008. In this Web listener, you select the RSA SecurID option as the method that ISA Server 2006, Microsoft Forefront Threat Management Gateway, Medium Business Edition, or Windows Essential Business Server 2008 uses to validate client credentials. After you do this, you experience the following symptoms:
  • User authentication does not work.
  • The following error message is logged in the Application log:
    Event Type: Error
    Event Source: ACECLIENT
    Event Category: (1)
    Event ID: 1001
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: File not found: C:\Program Files\Microsoft ISA Server\SDCONFIG.
    Data: 0000: 00000000
Note: If you use the Sdtest.exe command-line tool to test authentication, authentication appears to work correctly.


Cause

This problem may occur if one or both of the following conditions are true:
  • The computer that is running ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition has multiple network interfaces. Additionally, the PrimaryInterfaceIP registry entry does not contain the IP address that ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition uses to communicate with the RSA ACE/Server.
  • The shared secret file is not stored in the correct location.


Resolution

To troubleshoot this problem, follow these steps:
  1. If the computer that is running ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition has multiple network interfaces, verify that the PrimaryInterfaceIP registry entry contains the IP address of the network interface that ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition uses to communicate with the RSA ACE/Server. This registry entry is located in the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\AceClient\
  2. Verify that all the sessions that are connected to the published server by using the Web publishing rule are closed or disconnected.
  3. If you used the Sdtest.exe command-line tool to create the shared secret with the RSA ACE/Server, you must copy the shared secret file from the %windir%\System32\Sdconfig folder to the ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition installation folder's Sdconfig subfolder. For example, if ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition is installed in the %ProgramFiles%\Microsoft ISA Server folder or in the Microsoft Forefront Threat Management Gateway, Medium Business Edition folder, copy the shared secret file from the %windir%\System32\Sdconfig folder, and then paste it in the %ProgramFiles%\Microsoft ISA Server\Sdconfig folder.
  4. Stop and then restart the Microsoft Firewall service.
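
The following PowerShell script is an added example, not part of the original Microsoft article. It checks steps 1, 3 and 4 and looks for the ACECLIENT event without changing anything; the -ExpectedIP and -InstallDir parameters and the sample address are assumptions, and because the article does not name the shared secret file, every file in the source folder is compared.

```powershell
# Added example: read-only check of Resolution steps 1, 3 and 4. Changes nothing.
param(
    # Assumption: address this server uses to reach the RSA ACE/Server (sample value).
    [string]$ExpectedIP = '192.0.2.10',
    # Assumption: installation folder from the article's example.
    [string]$InstallDir = (Join-Path $env:ProgramFiles 'Microsoft ISA Server')
)
$findings = @()

# Step 1: PrimaryInterfaceIP must hold the address used to reach the RSA ACE/Server.
$key = 'HKLM:\SOFTWARE\SDTI\AceClient'
$configured = $null
if (Test-Path $key) { $configured = (Get-ItemProperty -Path $key).PrimaryInterfaceIP }
$localIPs = [System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.ToString() }
if (-not $configured) {
    $findings += "PrimaryInterfaceIP is not set under $key"
} elseif ($localIPs -notcontains $configured) {
    $findings += "PrimaryInterfaceIP $configured is not bound to a local interface"
} elseif ($configured -ne $ExpectedIP) {
    $findings += "PrimaryInterfaceIP is $configured, expected $ExpectedIP"
}

# Step 3: files in %windir%\System32\Sdconfig should also exist in <install>\Sdconfig.
$src = Join-Path $env:windir 'System32\Sdconfig'
$dst = Join-Path $InstallDir 'Sdconfig'
if (Test-Path $src) {
    foreach ($f in (Get-ChildItem -Path $src | Where-Object { -not $_.PSIsContainer })) {
        if (-not (Test-Path (Join-Path $dst $f.Name))) {
            $findings += "$($f.Name) is in $src but missing from $dst"
        }
    }
} elseif (-not (Test-Path $dst)) {
    $findings += "No Sdconfig folder at $src or $dst"
}

# Step 4: the Microsoft Firewall service should be running again after the restart.
$svc = Get-Service -DisplayName 'Microsoft Firewall' -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings += 'Microsoft Firewall service not found'
} elseif ($svc.Status -ne 'Running') {
    $findings += "Microsoft Firewall service is $($svc.Status)"
}

# Symptom check: ACECLIENT event 1001 among the newest Application log entries.
$events = @(Get-EventLog -LogName Application -Source 'ACECLIENT' -Newest 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 1001 })
if ($events.Count -gt 0) { $findings += "$($events.Count) recent ACECLIENT 1001 event(s), latest $($events[0].TimeGenerated)" }

if ($findings.Count -eq 0) { 'No problems found.' } else { $findings }
```

Because the copied file holds the shared secret, keep the permissions on the destination Sdconfig folder as restrictive as those on the source folder.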


More information

For more information about authentication support for the RSA SecurID option in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition, visit the following Microsoft Web site:


Keywords: KB925165, kbprb, kbtshoot, kbeventlog, kbfirewall

Article Info
Article ID : 925165
Revision : 5
Created on : 5/16/2007
Published on : 5/16/2007
Exists online : False
Views : 265