VIP ADFS authentication fails with 'Failed to encrypt VIP cert password due to ... CryptographicException'


Article ID: 184905


Updated On:


VIP Integrations


VIP authentication failing with AD FS integration

VIP Service exception : System.Security.Cryptography.CryptographicException: The specified network password is not correct.

System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName, IntPtr password, UInt32 dwFlags, BooleanpersistKey, SafeNetCertContextHandle& pCertCtx)
   at System.Security.Cryptography.
X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)

 6/4/2019 1:38:33 PM : Log File Path : C:\Program Files\Symantec\ADFS3\
 6/4/2019 1:38:33 PM : VipService Authentication URL:


The VIP ADFS plugin is pinned to the incorrect root CA. 


Follow the instructions to upgrade the ADFS plugin: How to upgrade VIP AD FS Two-factor authentication plugin 

Place the VIP Certificate downloaded from VIP Manager into the ADFS plugin installation folder. (i.e., C:\Program Files\Symantec\ADFS). Change the path of the cert in the VIP ADFS configuration tool. Restart the AD FS service.