hi,

NetIQ SecureLogin 8.1.1
F5 Big-IP Edge Client
Build: 7104,2017,317,1402
Windows 10 Enterprise, Build 14393

We are in the process of implementing a VPN-Solution with F5 Big-IP. Our
goal is to let the VPN-client use the logged on users credentials for
transparent authentication against the Active Directory domain, which
does work if no SecureLogin-Client is installed.
To be more specific if the installed SecureLogin-Client has the
'Seamless Signon with Windows Authentication' installed/set, the
VPN-Client can make no use of the users credentials ('Seamless Signon
with Windows Authentication': in essence makes use of the users
credentials to 'unlock/decrypt' the users stored credentials in Active
Directory, see: http://tinyurl.com/lzxa5wp)
We tried to shut down Securelogin, terminate all running SSO processes,
set SecureLogin inactive without success. We tried this with NetIQ
SecureLogin 8.5.1 as well to be sure, there'd be not an issue with
8.1.1. Same behaviour. Only deinstalling Securelogins 'Seamless Signon
with Windows Authentication' helped.

The Big-IP Edge Client logs the following exceptions:
2017-04-10,12:56:37:477, 4124,3544,, 1, \UserProfile.h, 57,
UserProfile::Load, EXCEPTION - LoadUserProfile Failed (5 (0x5) Access
denied)
2017-04-10,12:56:37:477, 4124,3544,, 1, \UserProfile.h, 66, , EXCEPTION
caught
2017-04-10,12:56:37:477, 4124,3544,, 1, \logonnotify.cpp, 443,
CredentialsCapture, EXCEPTION - Failed to Load User Profile
2017-04-10,12:56:37:477, 4124,3544,, 1, \logonnotify.cpp, 498, ,
EXCEPTION caught

Anyone more understanding what is going on here, and possibly what to
change to get both clients to work? Is there an option to change
securelogins configuration in a way to let Big-IP Edge Client consume
the credentials as well?

thanks in advance, florian


--
florianz
------------------------------------------------------------------------
florianz's Profile: https://forums.netiq.com/member.php?userid=309
View this thread: https://forums.netiq.com/showthread.php?t=57782