florianz1 Absent Member.
Absent Member.
1500 views

seamless login troubles f5 big-ip vpn client


hi,

NetIQ SecureLogin 8.1.1
F5 Big-IP Edge Client
Build: 7104,2017,317,1402
Windows 10 Enterprise, Build 14393

We are in the process of implementing a VPN-Solution with F5 Big-IP. Our
goal is to let the VPN-client use the logged on users credentials for
transparent authentication against the Active Directory domain, which
does work if no SecureLogin-Client is installed.
To be more specific if the installed SecureLogin-Client has the
'Seamless Signon with Windows Authentication' installed/set, the
VPN-Client can make no use of the users credentials ('Seamless Signon
with Windows Authentication': in essence makes use of the users
credentials to 'unlock/decrypt' the users stored credentials in Active
Directory, see: http://tinyurl.com/lzxa5wp)
We tried to shut down Securelogin, terminate all running SSO processes,
set SecureLogin inactive without success. We tried this with NetIQ
SecureLogin 8.5.1 as well to be sure, there'd be not an issue with
8.1.1. Same behaviour. Only deinstalling Securelogins 'Seamless Signon
with Windows Authentication' helped.

The Big-IP Edge Client logs the following exceptions:
2017-04-10,12:56:37:477, 4124,3544,, 1, \UserProfile.h, 57,
UserProfile::Load, EXCEPTION - LoadUserProfile Failed (5 (0x5) Access
denied)
2017-04-10,12:56:37:477, 4124,3544,, 1, \UserProfile.h, 66, , EXCEPTION
caught
2017-04-10,12:56:37:477, 4124,3544,, 1, \logonnotify.cpp, 443,
CredentialsCapture, EXCEPTION - Failed to Load User Profile
2017-04-10,12:56:37:477, 4124,3544,, 1, \logonnotify.cpp, 498, ,
EXCEPTION caught

Anyone more understanding what is going on here, and possibly what to
change to get both clients to work? Is there an option to change
securelogins configuration in a way to let Big-IP Edge Client consume
the credentials as well?

thanks in advance, florian


--
florianz
------------------------------------------------------------------------
florianz's Profile: https://forums.netiq.com/member.php?userid=309
View this thread: https://forums.netiq.com/showthread.php?t=57782


0 Likes
2 Replies
AutomaticReply Absent Member.
Absent Member.

Re: seamless login troubles f5 big-ip vpn client

florianz,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Highlighted
aigregdomjan Absent Member.
Absent Member.

Re: seamless login troubles f5 big-ip vpn client

One option would be to change the provider order,
- this can be a chore to address in installation because each product that tries to work in this space seems to need to know all the others to check during install and order appropriately.

Another option to try might be to turn on "Roaming" during installer
- which would set the ForceHKLMandNoDPAPI DWORD registry with value of 1
This should stop the 'Seamless Signon with Windows Authentication' module from LoadUserProfile before Big-IP tries to do the same.

Greg Domjan Senior Software Engineer
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.