Why does Rublon for Windows deny user login (Access Denied)?

Modified on Thu, 3 Apr at 10:12 AM

The “Access Denied!” dialog says:


Access Denied!

You are not allowed to log on.

Contact your administrator.



What is the "Access Denied!" dialog and when does it appear?

The “Access Denied!” message is a dialog that appears after a user attempts to log in to Windows locally or via RDP, but they are denied access. This message tells the user they cannot log on and asks them to contact their administrator.


What to do after the “Access Denied!” dialog appears?

First and foremost, administrators should look up the log file located in C:\Program Files\Rublon\Logon\Logs\rublon-credential-provider.log and try to find a message about the user getting denied or an error.


The “Access Denied!” dialog can appear in many different scenarios. The following is the most common:


FailMode=deny: If the FailMode option is set to deny in the endpoint’s Windows registry, the user will be presented with the “Access Denied!” message. To fix the user getting denied in this scenario, restore Internet connectivity on the endpoint, set FailMode to bypass, or enable Offline Mode. Read more about these options in Configuration of MFA for Windows Logon and RDP.


If changing the FailMode didn’t work and the messages in the rublon-credential-provider.log file didn’t help find the issue, administrators can contact Rublon Support. (Make sure to attach the log file to your message.)


Can Rublon for Windows deny me without showing the “Access Denied!” dialog?

Yes, you may have been denied within the Rublon Prompt. In this scenario, the “Access denied!” information is displayed inside the Rublon Prompt instead of in a separate dialog.



 This denial is usually associated with the settings in the Rublon Admin Console. The two most common scenarios are:

  • User status set to Denied: If the user’s status is set to Deny in the Rublon Admin Console, the user will receive the “Access Denied!” message. To fix this, the administrator can change the user’s status to Active.

  • Group status set to Denied: If the user belongs to a group whose status is set to Deny or does not belong to the Permitted Groups added to a given application in the Rublon Admin Console, the user will be denied access. You can learn more about groups in Rublon Admin Console - Groups and Group Policies.


Helpful Links

Configuration of MFA for Windows Logon and RDP

Rublon Admin Console - Groups

Group Policies

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article