Error message "Can not convert logon name: lab\\tstuser1 to UPN error: 0" during IWA authentication in RSA Access Manager
Originally Published: 2007-07-12
Article Number
Applies To
RSA Product/Service Type: Web Agent IIS 4.7
Platform: Microsoft Internet Information Services (IIS) 6.0, 5.0
Issue
<Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0
<Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0
<Debug>:Constructed upn: (null)
<Warning>:Failed to obtain upn
Cause
Resolution
An alternative solution is to perform the IWA authentication on an IIS web server that is in the same domain as the user. To do this, specify a full URL (hostname included) for the IWA authentication form in webagent.conf. The server that performs IWA authentication must also have the Access Manager agent installed.
If you have verified the two-way trust and still have the problem, the account that the IIS6 application pool runs as may not have sufficient privileges to look up the UPN of the user in the other domain. To see whether this is the case, try running the application pool as a privileged user such as an administrator account. Then either modify the original account or create a new account to run the application pool as.
IIS5 requires that the iisinfo process run as LocalSystem. If this account is unable to perform the UPN check, this is a limitation of that web server version. To get past this issue, point the URL for IWA authentication to an IIS6 web server.
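One way to test the UPN lookup outside the agent is shown below. It is an added example, not RSA's code: a PowerShell script that asks a global catalog to translate a down-level logon name to a UPN under whatever account runs it. It assumes the agent's lookup behaves like this directory name translation and that the logon name in the log is `lab\tstuser1` with a single backslash. Run it on the IIS server as the account being tested.

```powershell
# Added example: check whether the CURRENT account can translate a
# down-level logon name (DOMAIN\user) to a UPN via a global catalog.
param(
    # Logon name from the error message, written with a single backslash
    [string]$LogonName = 'lab\tstuser1'
)

# Constants for the ADSI NameTranslate COM object (IADsNameTranslate)
$ADS_NAME_INITTYPE_GC              = 3   # bind through a global catalog
$ADS_NAME_TYPE_NT4                 = 3   # input format:  DOMAIN\user
$ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9   # output format: user@domain

# NameTranslate is a late-bound COM object, so call it through InvokeMember
function Invoke-ComMethod($obj, $name, $arguments) {
    $obj.GetType().InvokeMember($name, 'InvokeMethod', $null, $obj, $arguments)
}

# Show which identity the lookup is performed as
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host "Running as: $me"

try {
    $nt = New-Object -ComObject NameTranslate
    [void](Invoke-ComMethod $nt 'Init' @($ADS_NAME_INITTYPE_GC, $null))
    [void](Invoke-ComMethod $nt 'Set'  @($ADS_NAME_TYPE_NT4, $LogonName))
    $upn = Invoke-ComMethod $nt 'Get' @($ADS_NAME_TYPE_USER_PRINCIPAL_NAME)
    Write-Host "OK: $LogonName -> $upn"
    exit 0
}
catch {
    # Unwrap to the innermost exception to show the underlying COM error
    $inner = $_.Exception
    while ($inner.InnerException) { $inner = $inner.InnerException }
    Write-Host "FAILED: could not translate $LogonName to a UPN as $me"
    Write-Host "Reason: $($inner.Message)"
    exit 1
}
```

If the script succeeds under a privileged account but fails under the application pool account, the account's lookup rights in the user's domain are the likely cause.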
Notes