Jump to content
Updated Privacy Statement

FAS SSO error when restricting VDA from AD Group in FAS rule

Recommended Posts


I´m trying to narrow down the computer accounts who are able to request a user certificate "on behalf off" via an AD group with VDA´s instead of using the default "domain computers" in the FAS rule.

If I do this I get a S205 error "Relying party access denied - the calling account [{0}] is not a permitted relying party of the rule [{1}]" on the FAS server, however, if I add the computer account (directly) to the FAS rule it works. Any ideas of why it doesn´t read from the AD group?

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...