SecureLogin encountered an error while trying to authenticate

  • 7010740
  • 05-Sep-2012
  • 05-Sep-2012

Environment

NetIQ SecureLogin
NSL7.0 SP2
NSL7.0 SP3
Windows 7 workstations

Situation

User is not able to launch SecureLogin
Error: SecureLogin encountered an error while trying to authenticate
 
Problem only occurs on Windows 7 workstations, and for users new to SecureLogin.
Logging into an XP workstation with the new user fixes the problem; after launching SecureLogin from an XP box users can then login on Windows 7 and launch SecureLogin without error. 
 
 

Resolution

On the problem workstations, create or edit the following registry value under HKLM\SOFTWARE\Protocom\SecureLogin
ForceHKLMAndNoDPAPI (DWORD) set to 1 
 

Additional Information

This setting changes the NSL encryption, especially as used for Windows roaming profiles.  Specifically, it changes the way SecureLogin creates the unique user key that encrypts SecureLogin data. If this registry key is NOT set, the Microsoft DPAPI is used to generate a unique user key that is used to encrypt user credentials in the directory. This is the default mode.

This registry key is used when the MS DPAPI is not able to be accessed, and provides an alternate method of generating the unique user key.  Deployments using standard MS profiles do not use this key.  However, if you are using roaming, mandatory or temporary profiles, the DPAPI option does not work due to limitations in the Microsoft API (the MS DPAPI does not make itself available to these types of profiles). Creating this key allows those profiles to be handled correctly.