search cancel

WSS group based policy is not applying as expected for a user, whilst other users have no issue with the same site and policy rule


Article ID: 239266


Updated On:


Web Security Service - WSS


Access to the web-resource <xyz> is conditioned on group membership.

Group membership authorization is done via Auth-connector.

When User A is accessing web-resource <xyz> from a Windows computer a policy denied message is received.

When User B is accessing web-resource <xyz> from a Windows computer the resource is loaded as expected.

User A and User B are both members of the group that is conditioning access to web-resource <xyz>.


After setting the Auth-connector log-levels to debug the following message was see for the user authorization requests:

2022/04/11 08:36:14.407 [4308] [8548:4308] Failed S4U s4uLogin for user: 'DOMAIN\USER'; status=1793:0x701:The user's account has expired.


Auth-connector and WSS Agent.

Windows 10 setup as Microsoft Managed Desktop.


The end user checked with the customer helpdesk and found out that their Windows user account (which they used to login onto their Windows computer) had effectively expired.

After the account was re-enabled the authorization issue was resolved.