The Password Capture agent from Quick Connect or the Active Roles Synchronization Service does not function, and logging is not generated even after it is enabled as per the troubleshooting steps.
When the Domain Controller boots, the System Event Viewer logs show the following error:
Event ID 16953
The password notification DLL CaptureAgentPasswordFilter failed to load with error 577. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (
The following error message may also show in the System Event Viewer Logs:
Event ID 3033
Code Integrity determined that a process (\PATH\lsass.exe) attempted to load \PATH\CaptureAgentPasswordFilter.dll that did not meet the Microsoft signing level requirements.
LSA Protection is enabled on the host Domain Controller.
This feature must be disabled in order for the Capture Agent to function.
On the Domain Controller, open the registry and browse to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
LSA Protection is enabled by creating a 32-bit DWORD with the name RunAsPPL and setting it to a value of 1
In order for the Capture Agent to function:
© 2022 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy