|Applies To||RSA SecurID Passage 3.5.1|
Microsoft Windows XP
Microsoft Windows 2000
|Issue||RSA SecurID Passage 3.5.1 unable to update roaming profile for Active Directory Domain User|
Using Passage Logon, a User can successfully log in to the Windows 2000 domain. However, after logging off, the Roaming Profile for the user has not been updated. Also, if this is a new User, the roaming profile directory on the shared resource (as configured for the User through Active Directory) has not been created.
|Cause||This is a configuration issue with the Active Directory Server. We use the function call NetUSerGetInfo to retrieve the user profile information. When tracing is enabled, this function returns the error "ERROR_ACCESS_DENIED". This implies either the ACL's in the Active Directory Server have been changed from their default setting, anonymous access has been limited or stopped in some way, or Users are created with limited rights or group associations required for this function call.|
|Resolution||Please visit this Microsoft Web page which gives additional information about this particular issue. There are a number of resolutions that can be deployed depending on your Active Directory security policies. However, to verify the issue is not related to RSA SecurID Passage, use the following registry entry on the Active Directory Domain Controller:|
|Legacy Article ID||a22320|