Usage Notes
32
Release Notes for VPN Client, Release 4.0 through Release 4.0.5.D
OL-5450-10
Start Before Logon and Microsoft Certificate with Private Key
Protect Fails
Trying to connect the VPN client using Start Before Logon (SBL) and Microsoft
Machine-based certificates fails. This is a Microsoft issue, not a VPN Client
problem.
If your certificate has private key protection enabled, every time you use the
certificate keys you are either prompted for a password to access the key, or
notified with a dialog and asked to click OK.
The prompt displayed when using a certificate with private key protection appears
on the Windows Desktop. You do not see this message while at the “Logon”
desktop, therefore the VPN Client cannot gain the access to the certificate needed
to connect.
Use one of the following workarounds:
• Get a certificate without private key protection (just make sure it is
machine-based, otherwise it won't be accessible before logging on).
• Instead of using Start Before Logon, log on to the PC using cached
credentials, make the VPN connection, and— using the “stay connected at
logoff” feature—logoff/logon with the VPN established to complete the
domain logon (CSCea03349).
Downgrading VPN Client from Release 4.0 Causes Start Before
Logon Failure
Start Before Logon fails if the VPN Client is downgraded from Release 4.0 to 3.6.
The reason for this is that the file csgina.dll is upgraded when the VPN Client
version 4.0 is installed. If the VPN Client is downgraded to version 3.6, the
csgina.dll file for version 4.0 is not replaced, and this breaks ability in the VPN
Client version 3.6 to Start Before Logon (CSCea03685).
Follow this procedure to drop back to the VPN Client version 3.6 from version
4.0.
Step 1 Uninstall the VPN Client version 4.0.
Step 2 After rebooting, search for csgina.dll. This file is found in the System32 directory.