Does the app pool that runs the LLAWP process need to have admin rights on the Windows server ?
We are facing a problem where we installed the siteminder agent with an admin user .
When user is part of administrators group on windows , forms login is working fine.
But when we remove that user from the admin';s group and then try to access we get error "failed to encrypt agent name" in agent trace logs, i disabled encryptagentname so it went to the form login page but after that upon entering credentials on the login pageit returns in trace log with a message "[CSmHttpPlugin::ProcessSessionCookie][Unable to decode SMSESSSION cookie"
I have tried multiple options , re-register the agent, point to a single policy server,Granted the app pool permission to webagent directories, checked permission to file systems using proc mon , granted permission to the domain user associated with AppPool to IIS_USRS but no success.
As soon as i turn back admin permissions , it starts working. i,.e. i am able to login using form auth scheme.
has any one seen such issue.