Skip to main content

Overview

Sometimes when you install idemeum desktop agent you might experience installation errors on certain machines. This typically happens when you do not have sufficient permissions to install idemeum agent, the idemeum service is blocked when starting, security software is interfering, etc. In order to help you diagnose these issues, we created diagnostic scripts to identify the root cause of the problem.

Service installation failure

You execute the agent install, and it fails with error 1603. Then you open idemeum_install.log and observe the following: 
MSI (s) (E0:80) [08:16:56:573]: Product: Idemeum Desktop Client -- Error 1920. Service 'Idemeum Service' (IDMService.exe) failed to start. Verify that you have sufficient privileges to start system services.
This means idemeum service is not able to start successfully. Run this in PowerShell as Administrator. 
Set-ExecutionPolicy RemoteSigned -Scope Process -Force; Invoke-WebRequest -Uri https://asset.idemeum.com/desktoplogin/idemeumServiceCheckUtility.ps1 -OutFile "idemeumServiceCheckUtility.ps1"; .\idemeumServiceCheckUtility.ps1
This is a healthy sample output from a functioning machine. 
--- dotnet --list-runtimes ---
Microsoft.NETCore.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.25 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.25 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
------------------------------

Registering DLL...
DLL registered successfully.
Starting service...
Service started successfully. Status: Running
Stopping service...

Overall diagnostic

To diagnose the general state of the machine and any other idemeum installation failures run the following in PowerShell as Administrator: 
Set-ExecutionPolicy RemoteSigned -Scope Process -Force; Invoke-WebRequest -Uri https://asset.idemeum.com/desktoplogin/diagnostic.ps1 -OutFile "diagnostic.ps1"; .\diagnostic.ps1
Here is a healthy sample output: 
=== Credential Provider Diagnostic ===
Target CLSID: {417C7858-EE65-42AD-9F11-5BA27FB1FF64}

=== Credential Provider Filters ===
Filter detected:
  CLSID : {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}
  Name  : GenericFilter
  Note  : Benign / generic filter (ignored)

✔ No effective third-party Credential Provider Filters detected.

=== Idemeum Credential Provider Registration ===
✔ Credential Provider registry key exists.
✔ Credential Provider is not marked as disabled.

=== COM Registration Check ===
COM DLL path: IDMCP.dll
✔ COM DLL exists on disk.

=== All Registered Credential Providers ===
  CLSID : {1b283861-754f-4022-ad47-a5eaaa618894}
  Name  : Smartcard Reader Selection Provider

  CLSID : {1ee7337f-85ac-45e2-a23c-37c753209769}
  Name  : Smartcard WinRT Provider

  CLSID : {2135f72a-90b5-4ed3-a7f1-8bb705ac276a}
  Name  : PicturePasswordLogonProvider

  CLSID : {25CBB996-92ED-457e-B28C-4774084BD562}
  Name  : GenericProvider

  CLSID : {27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}
  Name  : TrustedSignal Credential Provider

  CLSID : {3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
  Name  : NPProvider

  CLSID : {417C7858-EE65-42AD-9F11-5BA27FB1FF64}
  Name  : IDMCP

  CLSID : {48B4E58D-2791-456C-9091-D524C6C706F2}
  Name  : Secondary Authentication Factor Credential Provider

  CLSID : {600e7adb-da3e-41a4-9225-3c0399e88c0c}
  Name  : CngCredUICredentialProvider

  CLSID : {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}
  Name  : PasswordProvider

  CLSID : {8FD7E19C-3BF7-489B-A72C-846AB3678C96}
  Name  : Smartcard Credential Provider

  CLSID : {94596c7e-3744-41ce-893e-bbf09122f76a}
  Name  : Smartcard Pin Provider

  CLSID : {BEC09223-B018-416D-A0AC-523971B639F5}
  Name  : WinBio Credential Provider

  CLSID : {C5D7540A-CD51-453B-B22B-05305BA03F07}
  Name  : Cloud Experience Credential Provider

  CLSID : {cb82ea12-9f71-446d-89e1-8d0924e1256e}
  Name  : PINLogonProvider

  CLSID : {D6886603-9D2F-4EB2-B667-1971041FA96B}
  Name  : NGC Credential Provider

  CLSID : {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
  Name  : CertCredProvider

  CLSID : {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}
  Name  : WLIDCredentialProvider

  CLSID : {F8A1793B-7873-4046-B2A7-1F318747F427}
  Name  : FIDO Credential Provider


=== Diagnostic Summary ===
✔ Credential Provider is correctly installed.
✔ No effective filter-based suppression detected.

=== UAC Settings (Readable) ===
EnableLUA                       : 1    (Enabled)
ConsentPromptBehaviorAdmin      : 0    (Elevate without prompting)
ConsentPromptBehaviorUser       : 3    (Prompt for credentials)
PromptOnSecureDesktop           : 1    (Enabled)
FilterAdministratorToken        :      (Not set)
EnableInstallerDetection        : 1    (Enabled)
EnableSecureUIAPaths            : 1    (Enabled)
ValidateAdminCodeSignatures     : 0    (Disabled)

=== End of Diagnostic ===