Starting with Windows Server 2016 Microsoft introduced a new security feature called Local Security Authority (LSA) protection.
Enabling LSA protection requires that each driver that should be used by the local security process (lsass.exe) goes through a certification and validation process with Microsoft. The Password Capture Agent is such a driver. Lsass.exe will reject loading the driver. This can be viewed in the Windows Event Log.
In order to enable LSA protection please use the version of the Password Capture Agent that is available under the "Application" section of the software downloads page:
Identity Manager - Download Software
Please use this version rather than the MSI file distributed with the installation source.