When logging in with the Advanced Login GINA the following error is displayed:
"Authentication Error: You are not allowed to register your authentication key pair.
Error code: 0x8200200b"
This is due to the user not having privileges to access to their own ESSO attributes.
Re-run the ACL tool included on the installation CD. Select the following option:
"Extend Active Directory Schema"
Continue through to the "Enable the use of software" section.
Ensure that the OU in which the user resides (or a parent container), has been ticked and applied.
Certain groups can be excluded from ESSO Advanced Logon authentication. This option will disable all ESSO ability for the user however:
1. Create a new group in AD called "No-SSO"
2. Open the ESSO console.
3. Edit the access point profile that applies to the user workstations.
4. Click the "Advanced Login" tab, and select the "Excluded Accounts" tab.
5. Add the "No-SSO" group into this list.