The following error appears when issuing a card with EA/ESSO connector enabled:
“Access denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
Insufficient privileges for the account used by Indeed EA/ESSO connector.
Add the said account (specified in the smart card usage policy, Indeed EA section), to Indeed-ID User Admins and Indeed-ID Enrollment Admins groups.
The Indeed-ID User Admins group is created automatically at the Indeed EA/ESSO system deployment stage. The Indeed-ID Enrollment Admins group is created with IndeedID.security.provider.ex.cfg.exe utility from the Indeed-Id Extended Security Provider component package. After the Extended Security Provider is installed at each Indeed EA/ESSO server and Indeed-ID Enrollment Admins group is created, the Indeed server has to be restarted with the following command:
After the service account is added to Indeed-ID Enrollment Admins group, you have to logout and log in to Indeed EA server again under this account for the changes to take effect.