Error message "Can not convert logon name: lab\\tstuser1 to UPN error: 0" during IWA authentication in RSA Access Manager
Originally Published: 2007-07-12
Article Number
Applies To
RSA Product/Service Type: Web Agent IIS 4.7
Platform: Microsoft Internet Information Services (IIS) 6.0, 5.0
Issue
<Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0 <Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0 <Debug>:Constructed upn: (null) <Warning>:Failed to obtain upn
Cause
Resolution
An alternative solution would be to perform the IWA authentication on an IIS webserver that is in the same domain as the user. This would be done by specifying a full url (hostname included) for the IWA authentication form in the webagent.conf. The server that does IWA authentication must also have the Access Manager agent installed.
If you have verified the 2 way trust and still have the problem, it could be the account that the application pool in IIS6 is running as does not have sufficient privileges to look up the upn of the user in the other domain. Try running the application pool as a privileged user such as an administrator account to see if this is the case. Then either modify the original account or create a new account to run the application pool as.
IIS5 has a requirement that the iisinfo process run as LocalSystem. If this account is unable to perform the upn check then it is a limitation of the webserver version. To get past this issue, point the url for IWA authentication to an IIS6 webserver.
Notes
Related Articles
Users can not open The SDTID file in some mail applications Number of Views RSA Identity Governance and Lifecyle users who do not belong to role can not be identified Number of Views Form element control type "Drop Down Select with Web Service" displays validation exception as a value in RSA Identity Gov… Number of Views Changes to the Manual Fulfillment Node in an AFX Fulfillment Workflow are unable to be saved in RSA Identity Governance & … Number of Views RSA Governance & Lifecycle no longer displays memory allocation on startup. Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
