Hello, Try using the pre-Windows 2000 domain name for the connectionUsername attribute (it should probably be OUDOMAIN\test rather than oudomain.se\test. If it still does not work you could try adding the attribute connectionProtection="None" - not recommended for production use but useful for debugging. However from your description it seems as if your web server is not a member of the AD domain. Is this correct? If yes, then you will not be able to get the AzMan role provider to work. For some reason the AzMan provider has no provision for entering username/password credentials, but will attempt to connect to the designated server with the running process identity, i e the ASPNET account. It is outlined in the technote that you are referring to, although it takes careful reading not to miss any of the small, but important details. The good news is that we are working on an Active Directory role provider that complements the ActiveDirectory membership provider in the .NET Framework. it is about to go into testing as I type this. No, I cannot say when it will be available ("When it's done", which is hopefully soon) nor how it will be shipped. Rgds, Magnus Stråle

The webserver is in the domain. When I added connectionProtection="None" I got another error Configuration Error Logon failure: unknown user name or bad password Is this error indicating that we can't bind to the AD server or that the username or password I try to login to EPiServer with is not allowed(because the connection to AzMan dosent't work or something else) Regards, Jonas

Try creating a new app pool for your web app with an identity from AD. Add the identity to the IIS_WPG on the web server through the local groups. Set IIS to use the identity for anonymous access. The username should be in the form: domain\user. Try selecting Integrated Windows Authentication for authenticated access and login with the username in the form: user@domain (not pre 2000). Make sure the web.config is set to forms authentication.