Federated Authentication Service (FAS) | Unable To Launch App "Invalid User Name Or Wrong Password"

Article ID: CTX238881

Description

With Federated Authentication Service (FAS), users are unable to launch apps and receive the error "Invalid user name or wrong password".

System logs:

Event ID 8

The domain controller rejected the client certificate of user U1@abc.com, used for smart card logon. The following error was returned from the certificate validation process: A certificate chain processed correctly, but one of the CA certificate is not trusted by the policy provider.

Resolution

- Remove invalid certificates from the NTAuthCertificates container.
- Ensure that only new certificates are present in the AD containers.

Run > MMC > File > Add/Remove Snap-in, select Enterprise PKI and click Add.

Right-click Enterprise PKI and select 'Manage AD Containers'.

Check the NTAuthCertificates container, verify that it contains only valid certificates, and remove any expired certificates that are found.
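The same check can be scripted. The following is an added example, not part of the original article: a read-only PowerShell audit that lists every certificate in the NTAuthCertificates object and flags the expired ones. It assumes a domain-joined machine and an account that can read the Configuration partition; removal is still done through 'Manage AD Containers' as described above.

```powershell
# Added example (not from the original article): read-only audit of the
# NTAuthCertificates object in the forest's Configuration partition.

# Locate the Configuration naming context of the current forest.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = [string]$rootDse.Properties['configurationNamingContext'][0]

# NTAuthCertificates lives under Public Key Services; its certificates are
# stored as DER blobs in the multi-valued cACertificate attribute.
$ntAuthDn = "CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNc"
$ntAuth   = [ADSI]"LDAP://$ntAuthDn"

$now = Get-Date

$report = foreach ($raw in $ntAuth.Properties['cACertificate']) {
    # Parse each DER blob into a certificate object.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)

    # Classify by validity period only; this does not build or verify the chain.
    $status = if ($cert.NotAfter -lt $now) {
        'Expired'
    } elseif ($cert.NotBefore -gt $now) {
        'NotYetValid'
    } else {
        'Valid'
    }

    [pscustomobject]@{
        Status     = $status
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

# Full listing, oldest expiry first.
$report | Sort-Object NotAfter | Format-Table -AutoSize

# Candidates for removal from the container.
$expired = @($report | Where-Object { $_.Status -eq 'Expired' })
Write-Output ("{0} expired certificate(s) found in {1}" -f $expired.Count, $ntAuthDn)
$expired | Format-List Subject, NotAfter, Thumbprint
```

Compare the thumbprints it reports with the entries shown in the NTAuthCertificates container before removing anything.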



Problem Cause

Old certificates were still present in the AD containers, so when the certificate chain is processed, the old certificates are not found to be trusted by the policy provider.