The Single Sign-on Plug-in software should be the last GINA-altering software installed on your non-Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7 devices. If the Single Sign-on Plug-in software is installed but does not start as expected, it might be caused by a broken GINA chain. This happens when software installed or upgraded after the Single Sign-on Plug-in software alters the Windows GINA chain. Software packages that support smart card authentication, Symantec, and XenApp are all known to alter the Windows GINA chain.
If Single Sign-on is already installed and you plan to install or upgrade software that alters the Windows GINA chain, first uninstall the Single Sign-on Plug-in software. When the Single Sign-on Plug-in software is uninstalled, install the new software (or upgrade), then reinstall the Single Sign-on Plug-in software. This ensures that the correct .dll file is installed and registered for use with Single Sign-on.
Recommended Reinstallation Steps
- Uninstall any third-party software that alters the GINA chain.
- Uninstall the plug-in software.
- Install the third-party software.
- Install the plug-in software.
If you recently upgraded or installed third-party software and you suspect that it may have altered the Windows GINA chain, check the Windows registry entry and the client device to verify the presence and the location of the GINA chain.dll files appropriate to your installation. If the files are not located on the computer, uninstall and reinstall the Single Sign-on Plug-in software.
Important: When uninstalling software that may have disrupted the GINA chain, it is important to uninstall the software in the reverse order in which it was installed on the user device. Failure to uninstall in the reverse order in which GINA-altering software was installed can leave the computer in an invalid state. Do not edit the registry.