NSL fails for Notes Client on CITRIX when the CITRIX administrators apply Windows Credential Roaming.

NSL fails for Notes Client on CITRIX when the CITRIX administrators apply Windows Credential Roaming to upload the certificates to AD.

When the CITRIX administrators apply Windows Credential Roaming to upload the certificates to AD.

Then when the user logs out and logs back in, the ID with the entropy (*.bin) appears to be no longer useful.

Thus NSL fails to work and the users are prompted for a Notesid password.

Some findings show that the entropy is generated with the Windows session key which is deleted when the user logs out (Expected with Windows Credential Roaming).

Even the resolution note in the below article is tried but without success.

Using Notes Shared Login (NSL) on Citrix: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0081937

As per the product design, the Notes Shared Login feature uses the MS Data Protection API (DPAPI) to encrypt/decrypt information which allows access to a notes id.

Over this issue, logs have the error code(0x8009000B) which is defined as "Key not valid for use in specified state." and is something being returned by a DPAPI function.

This overall to the product team appears to be a limitation of DPAPI.

And the expected feature needs redesigning of the Notes Shared Login feature.

This request is thus with the expectation to address this limitation of the NSL feature which doesn't work over CITRIX when one has Windows Credential Roaming enabled and is required by the organizations for fulfilling certain security norms.