Error message "Can not convert logon name: lab\\tstuser1 to UPN error: 0" during IWA authentication in RSA Access Manager
Originally Published: 2007-07-12
Article Number
Applies To
RSA Product/Service Type: Web Agent IIS 4.7
Platform: Microsoft Internet Information Services (IIS) 6.0, 5.0
Issue
<Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0 <Error>:Can not convert logon name: lab\\tstuser1 to UPN, error: 0 <Debug>:Constructed upn: (null) <Warning>:Failed to obtain upn
Cause
Resolution
An alternative solution would be to perform the IWA authentication on an IIS webserver that is in the same domain as the user. This would be done by specifying a full url (hostname included) for the IWA authentication form in the webagent.conf. The server that does IWA authentication must also have the Access Manager agent installed.
If you have verified the 2 way trust and still have the problem, it could be the account that the application pool in IIS6 is running as does not have sufficient privileges to look up the upn of the user in the other domain. Try running the application pool as a privileged user such as an administrator account to see if this is the case. Then either modify the original account or create a new account to run the application pool as.
IIS5 has a requirement that the iisinfo process run as LocalSystem. If this account is unable to perform the upn check then it is a limitation of the webserver version. To get past this issue, point the url for IWA authentication to an IIS6 webserver.
Notes
Related Articles
Error: 'AttributePluginException: error encountered while trying to convert a user property: samlattr6: java.lang.IllegalA… Number of Views How do I convert an OID in string form into ASN.1 binary? Number of Views How to minimize outage time when converting from a standalone to a clustered RSA Identity Governance and Lifecycle deployment Number of Views Question: Can unmapped (also known as orphan) events be converted to mapped events Number of Views Converting a NCLOB to a VARCHAR2 in TO_DATE after error ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conve… Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Release Notes for RSA Authentication Manager 8.8 RSA announces End of Life EOL dates for RSA MyAccessLive Service RSA Authentication Manager 8.9 Administrator's Guide
Don't see what you're looking for?
