Problem:
During logon to ProfileUnity console, users get an error message: "impersonation failed do to LogonUser Only account that can login is local "Admin" account.
or
Possible causes:
Possible Causes:
- Users may not be allowed to logon to the ProfileUnity Console server (Interactive Logon privilege denied)
- The ProfileUnity Console server has a policy disabling the Secondary Logon Service
- Common Access Card (CAC) Authentication is enforced for the user(s) in question
Possible Resolution(s):
Follow current Process https://docs.liquidware.com/profileunity/en-us/685/configuring-cac-authentication/configuring-cac-authentication.htm
- RDP or console into the ProfileUnity Server and set the Liquidware Labs ProfileUnity Service to run as a domain service account. The service account must be a member of the local server Administrators group. If this is a ProfileUnity cluster, complete this for all nodes.
- Edit the "C:\Program Files (x86)\Liquidware Labs\ProfileUnity\ProfileUnity.Host.exe.config" Changing the DisableImpersonation setting from false to true.
- Restart the Liquidware Labs ProfileUnity Service.
- Log in to the ProfileUnity Management Console.
- Hover over your username in the top right corner of the screen.
- In the drop-down menu that appears, click Administration.
The Administration screen opens with the Settings tab displayed. - Click the Access and Authentication tab in the top right corner of the screen.
- In the Access Management section, click the Add Access button. In the New User or Group pop-up, click the Link to Active Directory checkbox, select the Active Directory domain and type the partial group name in the search box. Find the AD group created for Active Directory Console Administrators. Ensure the account type is Administrator. Click Save.
- In the Role Management section, enter the Active Directory username and password to serve as the Service Account for Deployment.
- Click the Add/Update button.
Additional reference to consider:
Product: ProfileUnity
Product Version: 6.8.5