cancel
Showing results for 
Search instead for 
Did you mean: 

Secure Login Client, Windows Vista, Auto enroll certificate

Former Member
0 Kudos

We are using the NWSSO solution with X.509 certificates, and have run into a strange problem.

As part of our Windows AD policies, we provide an X.509 certificate to the user when they log in to the workstation. this is configured via AD group policies.

This certificate is NOT used by the NWSSO, but is used by other applications for user authentication.

With the latest Secure Login client (SP4 Patch level 2) installed, the auto certificate enrollment fails with error code (0x8009000a) Invalid type specified.

If we uninstall the Secure Logon client, the enrollment complete without any issues.

We encounter this issue only on Windows Vista. We do not see this issue on Windows 7.

Any thoughts/suggestions ?

Thanks - Avinadh

Accepted Solutions (0)

Answers (1)

Answers (1)

frane_milicevic
Active Participant
0 Kudos

Hi Avinadh,

maybe you can describe more in concrete what your use case / Secure Login configuration is?

Does the X.509 user certificates are provided by Secure Login Server or 3rd party PKI (e.g. Microsoft CA)?

In Secure Login Client, what is your target to use auto enrollment (what kind of Secure Login Server profile configuration is used)?

What is the difference between Windows Vista Client and Windows 7 Client?

One hint could be if you are using Microsoft Kerberos token to convert to an X.509 user certificate, that the symetric algorithm configuration (in Windows AD) could play a role?

Another hint is to check the Secure Login Client trace?

Maybe i make sense to create a support ticket and provide more information in detail?

Best regards,

Frane

Former Member
0 Kudos

Hi Frank,

  We are using Secure Login Server to provide short lived certificates.

The issue has nothing to do with auto-enrollment in the Secure Login Client, that feature is disabled.

The issue is with enrollment of Windows AD certificate on logon to the Windows desktop.

The same client is being used on Windows Vista and Windows 7. but the error only occurs on Windows Vista.

We have opened an OSS message, suggestion from SAP is to remove the csp component of the Secure Login Client, which resolves the issue.

Thanks - Avinash

frane_milicevic
Active Participant
0 Kudos

Hi Avinash,

thank you for your feedback (and sharing your results in this community) 🙂

Best regards,

Frane