SOLIDWORKS PDM Windows User Login Credentials Errors

If you use Windows logins with SOLIDWORKS PDM, there’s a good chance you’ll run into this scenario at one point or another. Generally, it presents itself as one user getting an error about their credentials being wrong when logging in – most commonly “Username or password invalid” or “The entered username or password is incorrect”.

If more than a handful (or even all) of your users are experiencing this error, the steps discussed below won’t apply. Typically, a system-wide issue would indicate something is wrong with communication from SOLIDWORKS PDM to your Active Directory. In those cases, I’d recommend contacting your IT team first to ensure the domain controller is up and running as expected. 

For one or two users, however, there are a few reasons this can happen beyond just mistyping your password, and we’ll go over the three most common causes and how you can fix them.

Corrupt User Profile

The most common reason we see this error on single profiles is due to a corrupt Windows profile. 

When a Windows user logs into a computer, it creates a registry hive (like a big folder with many subfolders) for that user in the Windows Registry. This contains configuration information for Windows and software specific to the currently logged-in user. 

It also contains specific pieces called “LSA keys” in the registry for that profile. The system uses these as part of the authentication process – both for PDM and for other platforms. If those keys become damaged, it can cause login issues with PDM. 

Here’s a breakdown of what happens in the background when you log in as a Windows user to SOLIDWORKS PDM:

1. The user enters their credentials on the client machine. 
2. The client computer reaches out to the archive server with the Windows username.
3. The archive server sends a unique key back to the client and the local domain controller.
4. The key is encrypted with the unique user login credentials provided by the active profile, and the same encryption occurs on the domain controller, which creates a unique identifier for this login.
5. The identifier is sent back to the archive server, which also receives the encrypted identifier from the domain controller.
6. If the identifier matches from both ends, the user is authenticated to log in to the vault.

The LSA keys stored on the user’s local Windows profile are part of the process that generates the encrypted identifier during login, and if those are corrupt, the identifier won’t be generated properly - meaning it’s likely not going to match what the domain controller has. This makes the system think the credentials entered are wrong, causing the error. 

The easiest way to determine whether a corrupt profile is actually the culprit here is simple – use another Windows profile on the computer, but log into PDM with the same user credentials. This allows a different Windows profile with valid LSA keys to do the encryption work.

Let’s say we have user “JaneSmith” that we suspect has a corrupt profile. You can approach this one of two ways:

1. On a different computer, log into Windows with a profile other than JaneSmith (if this is an owned machine, someone else will usually already be logged in). Once successfully logged in to Windows, log into PDM using Jane’s credentials. 
2. On Jane’s computer, log out of Windows under that profile and log back in under a different profile. Then attempt to log in to PDM under JaneSmith. 

If using a profile other than Jane’s on the machine allows Jane to log in to PDM – then the issue is that Jane’s Windows profile has corrupt LSA keys. Her credentials for PDM can be validated just fine when a profile with valid LSA keys is logged in to the computer.  

In this case, the solution is to rebuild that user’s profile in Active Directory. Once rebuilt, they can log in to the computer and then to PDM and the authentication should work as expected. This is something your IT team should typically be able to handle without much issue.

User Exists in Multiple Places

Sometimes you can get a login credentials error if your user exists in multiple places, and the profile PDM is validating against has a different password than the one you’re expecting it to. 

Only the username of a Windows user is stored in PDM’s database. The password is managed by Active Directory, and the domain tag is only stored in the archive configuration tool for Windows users.

When trying to log in to PDM, the Windows username entered has to match the name of a user defined in your archive configuration tool, and the domain controller has to accept the credentials. It’s generally not checking the domain in this process – so long as the user exists in PDM and can be validated against with your local domain controller, the login is accepted. 

Most of the time, a specific username will only exist once – either as a local user that exists directly on the archive server or as a member of Active Directory. 

However, in some cases, a user might exist in multiple places. Usually, they’ll be present either as both a local and AD user or as two AD users with the same username in different domains. 

When this happens, SOLIDWORKS PDM will try to match the login with the local account first, then with the local domain, and then with the non-local domain. If the passwords for the two accounts differ, the login will error out with an invalid credentials message – even if the password is technically correct for the account they expect to log in to.

The archive server will store which domain or system name the most recent successful login was using in the vault registry key "UserCache". 

Local Credential Caching Issues

There are times when a user’s password is updated in Active Directory, but for whatever reason their local environment’s credentials haven’t yet been updated. This is a little less common and it can affect other applications that utilize your Windows credentials outside of just PDM. Most often it occurs with users that are joined to the domain but work remotely. 

It typically starts with a Windows password change - either prompted through an application or online portal (like through Microsoft Office) or done remotely by a domain administrator. In these cases, the “old” Windows credentials may continue to work for logging into the computer since they’ve been cached locally, but logging into PDM or other applications with the old password will fail.  

Sometimes, given enough time, the password will eventually propagate the way it should and update across the board. In cases where it isn’t updating or you need more immediate access (given your local domain controller already has the updated credentials), you can resolve the issue by locking your computer and signing back in with the new credentials.  

You’ll need to ensure you’re connected to the company’s network before you lock the computer. Go to the Start menu > select your user > sign out. Optionally, press the Windows Key + L.

Then, just enter the new credentials into the lock screen and log in to the machine as normal with the new password. This should force the new password to cache and allow you to sign in to SOLIDWORKS PDM and other applications with your new credentials.  

If these methods don’t resolve the issue, there may be something else going on with SOLIDWORKS PDM or your Windows profile. You should first reach out to your PDM admin and/or IT team to ensure your user is configured properly, and then reach out to technical support for further assistance if the issue persists.

This concludes SOLIDWORKS PDM Windows user login credentials errors. Learn more about SOLIDWORKS PDM below.

Related Articles

SOLIDWORKS PDM & Windows Active Directory: A Master List

SOLIDWORKS PDM Network Communication Troubleshooting

SOLIDWORKS PDM: Input Formula Aliases

Default Expressions in SOLIDWORKS PDM Data Cards

SOLIDWORKS PDM vs 3DEXPERIENCE CLOUD PDM: Workflows, Licensing & More

VIEW ALL SOLIDWORKS PDM ARTICLES