When a user who is a member of an excluded group attempts to log on to a system protected by Defender Desktop Login, they are still prompted to enter a token response.
One possible cause is that Defender reads the user's group membership using the local system account, and that lookup fails. When Defender cannot establish whether the user is excluded from Defender authentication, it fails closed and defaults to requiring Defender authentication, which is why the token prompt appears.
One possible workaround is to configure Defender Desktop Login so that the LDAP connection used for the group-membership lookup is made with the credentials of the authenticating user rather than the system account. This may help if the cause described above applies in this scenario.
NOTE: It is recommended that this change be tested on a test server or workstation prior to implementing on any production system.
On the test server or workstation, create the following DWORD value under the registry key shown:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PassGo Technologies\Defender\Defender GINA
DWORD: Authenticate LDAP connection
Value: 1
Now, test logging in as a user who was previously experiencing the issue.
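The following PowerShell script is an added example and is not part of this article or of One Identity's product; it wraps the steps above so that the change can be backed up, applied, verified and reverted on the test machine. It assumes an elevated session, the key path and value name exactly as given in this article, and that reg.exe is available; the backup directory under the user's TEMP folder is an arbitrary choice.

```powershell
# Added example (not One Identity code): back up, set, verify and revert the
# "Authenticate LDAP connection" DWORD described in the article.
# Run from an elevated PowerShell session on the test server or workstation.

$KeyPath    = 'HKLM:\SOFTWARE\PassGo Technologies\Defender\Defender GINA'
$RegExePath = 'HKLM\SOFTWARE\PassGo Technologies\Defender\Defender GINA'   # same key, reg.exe syntax
$ValueName  = 'Authenticate LDAP connection'
$BackupDir  = Join-Path $env:TEMP 'defender-gina-backup'                   # assumed location

function Backup-DefenderGinaKey {
    # Export the whole key with reg.exe so it can be restored verbatim afterwards.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $BackupDir "DefenderGINA-$stamp.reg"
    if (Test-Path $KeyPath) {
        & reg.exe export $RegExePath $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }
        return $file
    }
    # Key not present yet: record that fact so the revert knows to remove what we add.
    $marker = "$file.absent"
    Set-Content -Path $marker -Value 'key did not exist before the change'
    return $marker
}

function Set-DefenderGinaAuthenticateLdap {
    param([ValidateSet(0, 1)][int]$Value = 1)
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    # -PropertyType DWord creates a REG_DWORD value, as the article requires.
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $Value -PropertyType DWord -Force | Out-Null
}

function Test-DefenderGinaAuthenticateLdap {
    # $true only when the value exists, is REG_DWORD and is set to 1.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return $false }
    try { $kind = $key.GetValueKind($ValueName) } catch { return $false }
    return ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
           ([int]$key.GetValue($ValueName) -eq 1)
}

function Restore-DefenderGinaKey {
    param([Parameter(Mandatory)][string]$BackupFile)
    # reg.exe import only overwrites values present in the file, so remove the
    # value first; the import then puts back whatever was there originally.
    Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($BackupFile.EndsWith('.absent')) {
        # Key did not exist before: remove it only if nothing else has been written to it.
        if ((Test-Path $KeyPath) -and -not (Get-Item $KeyPath).GetValueNames()) {
            Remove-Item -Path $KeyPath
        }
        return
    }
    & reg.exe import $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe import failed with exit code $LASTEXITCODE" }
}

# Apply the workaround, then log on as a previously affected user to test.
$backup = Backup-DefenderGinaKey
Set-DefenderGinaAuthenticateLdap -Value 1
if (Test-DefenderGinaAuthenticateLdap) {
    Write-Host "Value set (backup: $backup). Test a logon by an affected user now."
} else {
    throw 'Value was not written as REG_DWORD = 1; check that the session is elevated.'
}
# After testing, undo with:  Restore-DefenderGinaKey -BackupFile $backup
```

Keep the path of the exported .reg file; if the workaround does not help, restoring from it leaves the test machine exactly as it was before the value was added.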
If this workaround does not resolve the issue, please provide One Identity Support with a trace of the user logging on while this registry value is set.
One Identity does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986 “Description of the Microsoft Windows registry” at Microsoft Support.
Note: This can also occur when the user logs on from a domain with which only a one-way trust is established, since the system account may not be able to read group membership across such a trust.
© 2025 One Identity LLC. ALL RIGHTS RESERVED.