Skip to main content
Skip table of contents

Root cause

Refer to following link to decode NTStatus to text:

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55

for sub-status please use following link:

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625

Substatus: 0xc0000321 - means problem with underlying security system, in our case KSP. To resolve this, please make sure there is no end-point security enabled, like antivirus, etc preventing unknown KSP to work.
Try to set:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Set the value of the registry key to: "RunAsPPL"=dword:00000001

In most of the cases, the problem is related to certificate trust for Kerberos.

To detect correct root cause of the issue, perform following steps:

Data collection on Client computer
Data collection on Domain controller
UPN check
CA cert present on NTAuth store

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close