Error message "Can not convert logon name: lab\\tstuser1 to UPN error: 0" during IWA authentication in RSA Access Manager
Originally Published: 2007-07-12
Article Number
Applies To
RSA Product/Service Type: Web Agent IIS 4.7
Platform: Microsoft Internet Information Services (IIS) 6.0, 5.0
Issue
<Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0 <Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0 <Debug>:Constructed upn: (null) <Warning>:Failed to obtain upn
Cause
Resolution
An alternative solution would be to perform the IWA authentication on an IIS webserver that is in the same domain as the user. This would be done by specifying a full url (hostname included) for the IWA authentication form in the webagent.conf. The server that does IWA authentication must also have the Access Manager agent installed.
If you have verified the 2 way trust and still have the problem, it could be the account that the application pool in IIS6 is running as does not have sufficient privileges to look up the upn of the user in the other domain. Try running the application pool as a privileged user such as an administrator account to see if this is the case. Then either modify the original account or create a new account to run the application pool as.
IIS5 has a requirement that the iisinfo process run as LocalSystem. If this account is unable to perform the upn check then it is a limitation of the webserver version. To get past this issue, point the url for IWA authentication to an IIS6 webserver.
Notes
Related Articles
Users can not open The SDTID file in some mail applications Number of Views RSA Identity Governance and Lifecyle users who do not belong to role can not be identified Number of Views Local entitlements are no longer visible in Directory/Application in RSA Identity Governance & Lifecycle Number of Views How to set up a CRL Distribution Point in a certificate during certificate manual approval Number of Views Licensing for Oracle Automatic Workload Repository (AWR) with RSA Governance & Lifecycle Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory
Don't see what you're looking for?
