KB 140172: Unable to create a DIGIPASS User Account when a user performed a login in the past.2/24/2017 10:25:01 AM
With IDENTIKEY Authentication Server 3.10 with AD data store it’s impossible to create a DIGIPASS User Account when a user has performed a (failed) login in the past.
The error “Failed to execute create” is returned.
1. You have a user without a DIGIPASS User Account in Active Directory.
2. Check the VASCO Attributes of the user object with AdsiEdit. You will see that all values are <not set>
Now you see that the attributes vasco-LastAuthReqTime and vasco-ModifyTime have changed.
1. Open the user object in ADSIEDIT.MSC
2. Change the vasco-LastAuthReqTime and vasco-ModifyTime back to <not set>
3. Now you can create the DIGIPASS User Account.
This issue is solved in IDENTIKEY Authentication Server 3.11R2.
With this version, the attributes vasco-LastAuthReqTime and vasco-ModifyTime will not be set anymore upon a failed login attempt, before the DIGIPASS user account has been created.
If you still have users in AD, for which the attributes vasco-LastAuthReqTime and vasco-ModifyTime have already been modified, you will still have to apply the workaround described above.
Applies to: IDENTIKEY Appliance
KB 140172– 24/02/2017
© 2016 VASCO Data Security. All rights reserved.Was this helpful?