ESET Secure Authentication (ESA) Setup ChecklistKB Solution ID: SOLN3290|Last Revised: March 13, 2013
- Install and configure ESET Secure Authentication (ESA)
- Grant remote access to the Outlook Web App (OWA) or Virtual Private Network (VPN)
- Troubleshoot issues with ESA
Before installing and configuring ESET Secure Authentication, we highly recommend that you read the Installation Manual.
Verify the items on the checklist below to prevent/troubleshoot common issues with ESET Secure Authentication (ESA):
✓ Active Directory (AD) is installed and functional
✓ ESA services are being deployed in a supported environment under the domain Administrator account (that is, domain\Administrator)
- ESA is supported on Microsoft Windows 2003 Server SP2 and higher
✓ Active Directory users have mailbox accounts with Microsoft Exchange for Outlook Web App (OWA) access
✓ ESA services are running
✓ Mobile telephone numbers are entered for each Active Directory user in the following format: international code/area code/number
- For example: 16195555555, where 1 is the international code and 619 is the area code
✓ The ESET Secure Authentication mobile app is installed and configured on client phones
✓ ESA RADIUS Server is configured properly
- In order for your ESA RADIUS server(s) to be utilized by your existing VPN server, you will need to reconfigure your VPN server according to section 7.3 of the Installation Manual.
- If the ESA RADIUS server must be installed on the VPN server, configure RRAS/NPS to listen for RADIUS requests on a different port, such as 1645.
✓ Your ESA Server is activated
Once the ESA Server has been installed, you need to activate it using the ESET-issued Username and Password that you received after purchasing your product. To activate your ESA Server:
- Launch the ESA Management Console.
- Navigate to your domain node.
- Enter the Username and Password for your ESA license. The ESA Server will obtain its license automatically and display the current license information.
✓ Outlook Web App (OWA) plugin is installed and properly configured
The OWA plugin should be installed on the machine running your Microsoft Exchange server.
✓ VPN client is set up properly for the use of the ESA mobile application and compound authentication
- No Encryption Allowed
- Unencrypted password (PAP) protocol is allowed
✓ When authenticating using a VPN and SMS one-time passwords, the end-user must enter their unique one-time password (OTP) the second time they are prompted for credentials
During two-factor authentication using SMS messages on a VPN, an end-user might confuse the second password prompt and attempt to re-enter their Active Directory credentials. If they submit the wrong credentials too many times, that user will be locked out and will not be able to authenticate until the administrator unlocks their account.