Symptom: Users trying to log in with SSL Proxy Authentication are unable to, and get back the error message:
"Login failed. Please try again""
SSO (Proxy Authentication with CLNTRUST) is working fine. The users are typing in the fully-distinguished user ID + tree name, as in:
userid.ou.o.tree, and it still doesn't work.
Solution: Delete the Login Policy Object (LPO) from the Security container. Then, find the lpocache.dat in the SYS:SYSTEM directory of the BorderManager server and delete it. Finally, reboot the server.
Note: The LPO may be necessary when configuring Client-Site VPN on a BorderManager 3.5 server. You definitely need an LPO for ActivCard / RADIUS. However, the LPO normally does not stop SSL Proxy Authentication, so you should be able to get both SSL and the LPO to co-exist. Probably deleting and recreating it will solve the problem above. Be aware that you may need to create the LPO with theADMIN user, not an admin-equivalent user ID for it to work properly.