At every Login the LAN Crypt Client asks and accepts the Certificate PIN and says, the user certificate isn't found.
First seen in Every LAN Crypt Client, which uses profiles created with SafeGuard LAN Crypt Administration 3.80 or higher.
The SafeGuard LAN Crypt Client uses a Cryptographic Service Provider (CSP), which is not capable to decrypt the policy data with the configured algorithm. CSP typically used if smartcard or token login method are used.
Look at the Central Settings tab 'other settings'. You should see 'Use key wrapping' with the configured algorithm AES.
Activate ‘Use Key wrapping’ and change the algorithm to any supported algorithm, e.g. 3DES. If you did not change the CSP settings for the client, AES encryption is not supported.
If 'Use key wrapping' (default setting) is selected, the Security Officer data and user profile data will be encrypted using a random session key with the selected algorithm (default 3DES). This sessions key then again is RSA-encrypted with the public key from the certificate.
If ‘Use key wrapping’ is not selected, the data will be RSA-encrypted with the public key from the certificate. This operation is usually not supported if smartcards are used.
If you want to keep the configured algorithm, you have to select a CSP which supports this algorithm. The CSP has to be configured using the group policy settings “SafeGuard\Client Settings\CSPs and Algorithms”.
An overview of the built in CSPs and their capabilities can be found here: Microsoft Cryptographic Service Providers.
If you use smartcards, please consult the documentation of the smartcard CSP and middleware about the supported algorithms.
Note: User Profiles have to be recreated.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.