SecureLogin data not stored in AD, error -372 BROKER_ACCESS_IS_DENIED
This document (7011616) is provided subject to the disclaimer at the end of this document.
"BROKER_ACCESS_IS_DENIED(-372) error returned after entering credentials when prompted during initial execution of an Application Definition.
Protocom-SSO-Auth-Data attribute shows as “not set” in Users and Computers, properties of the user, “Attribute Editor” tab. Other Protocom-SSO-* attributes exist and have values as expected.
If passphrases are enabled user is prompted for passphrase each time SecureLogin launches.
If including inheritable permissions does not resolve the problem, the following might help:
Rerun ADSchema.exe and when prompted for the place to assign rights point directly to the problem user.
Rerun ADSchema.exe on a primary domain controller while logged in as THE Administrator.
Delete the user's SecureLogin configuration in the management utility (shown below), then delete the users' local cache as described in “Fix 1” of TID 7006706 , and have them start over with SecureLogin. Where to delete the users's SecureLogin configuration:
4. Delete and recreate the users in AD.
Note: The "auth-data" attribute should always be set when a user has been activated for SecureLogin. This attribute is used to encrypt and decrypt SecureLogin data. With "auth-data" not set, SecureLogin would not be able to encrypt or decrypt data, and therefore not be able to read or write to the directory. When passphrases are used the value of this attribute is based on the passphrase; in environments where the passphrase is not used, it is based on the user name.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7011616
- Creation Date:11-JAN-13
- Modified Date:11-JAN-13
Did this document solve your problem? Provide Feedback