Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
NSL fails for Notes Client on CITRIX when the CITRIX administrators apply Windows Credential Roaming.
NSL fails for Notes Client on CITRIX when the CITRIX administrators apply Windows Credential Roaming to upload the certificates to AD.
When the CITRIX administrators apply Windows Credential Roaming to upload the certificates to AD.
Then when the user logs out and logs back in, the ID with the entropy (*.bin) appears to be no longer useful.
Thus NSL fails to work and the users are prompted for a Notesid password.
Some findings show that the entropy is generated with the Windows session key which is deleted when the user logs out (Expected with Windows Credential Roaming).
Even the resolution note in the below article is tried but without success.
Using Notes Shared Login (NSL) on Citrix: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0081937
As per the product design, the Notes Shared Login feature uses the MS Data Protection API (DPAPI) to encrypt/decrypt information which allows access to a notes id.
Over this issue, logs have the error code(0x8009000B) which is defined as "Key not valid for use in specified state." and is something being returned by a DPAPI function.
This overall to the product team appears to be a limitation of DPAPI.
And the expected feature needs redesigning of the Notes Shared Login feature.
This request is thus with the expectation to address this limitation of the NSL feature which doesn't work over CITRIX when one has Windows Credential Roaming enabled and is required by the organizations for fulfilling certain security norms.