Remcom.exe flagged as malicious
Dear Support Team, our AV solution flagged Remcom.exe from version 6101 as malicious - PUA Application.RemoteAdmin.RLH. A VirusTotal scan shows that this is not an exception: https://www.virustotal.com/gui/file/d7a923357aea4f9d4e65d43d3f800fa4f3b766a825be63d798f5ff35721a462a/detection
Attackers Gaining Administrative Access to Zoho ManageEngine ADSelfService Plus Instances
FYI anyone with internet facing selfservice should act quick Rapid7 reporting Attackers Gaining Administrative Access to Zoho ManageEngine ADSelfService Plus Instances Rapid7 Managed Detection and Response (MDR) recently observed several incidents in
This site is not secure - Logon screen only
Hi, I recently installed AD Self Service and it works just fine with HTTP. So, I tried to enable HTTPS and I generate a CSR through AD360 and issued a certificate through my local CA ( ADCS ) and uploaded the certificate, seems to work just fine. whenever
Mobile App vulnerability
Adding to the vulnerability reported in https://pitstop.manageengine.com/portal/en/community/topic/adssp-mobile-app-does-not-follow-the-mfa-for-reset-unlock The enabled setting: Self-Service > Multi-factor Authentication > MFA for Reset/Unlock > MFA for ADSelfService Plus Login When using Change Password on the Web-browser of a laptop/desktop, this bring a MFA option to go through which is good and needed. However, when performing Change Password from the mobile app, there is No MFA requested..
iphone users not able to receive adselfservice plus MFA push notification.
Is anyone else experiencing this issue?
CVE-2022-42889 - Possibly exploitable in AD Self Server Plus
Dangerous hole in Apache Commons Text: https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-in-apache-commons-text-like-log4shell-all-over-again/ CVE-2022-42889 Recommended fix is to upgrade the .jar library to commons-text-1.10.jar or higher. AD
Gina Cliente is storing passwords in plain text?
Hello team, in my company we are using GINA CLIENT 5.1 in windows computer, with the option of refresh the computers password by VPN. When the Gina Client finishe passwords reset process, it automatically store the user's password in (C:\Windows\Temp) plain Text, to then use that password to connect by VPN Is a very high security risk, I am very disappointed. PLS, how can I fixe this issue? Thanks
Password Expiry Notification not working with PSO enabled
Hello, In our AD we are using PSO for a different password expiry time for special users. Unfortunately, the Password Expiry Notification does not "see" this and does not send a mail notification. Is this a known problem? Please let me know if you need more details, Kind Regards, Sandro
Error while enforce machine MFA
Hi, When I want to enforce machine MFA for some servers, I get error. What's requirement to do this job? (port, access domain privilage, protocol, etc) Best regards
Mobile App issue
When performing Reset Password or Unlock Account, if the ADSSP mobile app is kept opened prior to selecting & going ahead with TOTP verification and/or QR code verification, the Mobile Auth does NOT display an alert. This causes confusion to end users which ends up with several unwanted & unnecessary calls to IT team
ADSSP Mobile app issue with verification methods
When Resetting password and/or unlocking account from the ADSSP mobile app, users get only 2 modes/option to verify themselves.. 1. Verify using Security questions 2. Push notification verification. User has enrolled with Email, SMS, TOTP, QR code , Security & Push notification Why are Email verification, SMS verification, QR code & TOTP not made available when Resetting password or unlcoking account from ADSSP mobile app?
MFA Recovery code
Hi ManageEngine Team, The MFA Recovery code which is made available to end-users after they have enrolled in ADSSP is a nice feature but needs a slight change, in my opinion. The MFA Recovery code is provided as an optional step for end-users to download
Scripting page error?
Please see the attached image. When doing a reset with the gina addon after successfully answering the questions my users receive the following error. If i hit yes the password is successful. How can fix the scripting error?
Password (key) icon on Windows Sign-In screen disappears
Since October, we have noticed a large number of workstations with ADSSP installed no longer show the password (key) icon on the Windows Sign-In Screen. Has anyone else come across this issue? The function still works but the icon is missing so users
Password Synch Agent health Status
Dear ADSelfServiceplus team For the love of god.. Please add the feature to review password agent health status installed on DC directly from portal instead of going to each DC and checking the health. Imagine if an organization has 15-20 DCs and we need
Unable to start ADSelfService Plus service
Error 'The ManageEngine ADselfService Plus service terminated with the following service-specific error: %%4294967295'
ADSS Licence issue
Hi Can i request some help please ? I am having a issue where my licence count is incorrect i have purchased 1400 licence On the licence info drop down it reports that i have consumed 1398 licence Enrolled - 1098 Not-Enrolled - 300 Available - 2 When looking at reports for enrolled i have 1046 enrolled and 145 not enrolled and 1045 licenced users. Can someone tell me how to resolve the issue as we need to get people enrolled but only showing as having 2 licence available regards Ryan
Email address length
I'm using ADSelfService Plus, or at least trying to get it set up correctly and rolled out to all users, but the email address (E-Mail Id) used for sending verification codes for authentication seems to be limited to 28 characters. Most of my users have email addresses longer than this so their email address is being shortened and obviously emails won't send. Any help would be greatly appreciated.
Skip MFA when ADSelfService is down does not work for OWA login MFA
We had to shut down our internal AdSelfService server for maintenance and this is what our users were greeted with when they tried to log into Exchange. No one could bypass the MFA error page despite us having the bypass checkbox selected.
STEP notification doesn't work
Actually it works on schedule but not sending emails. No presence of email attempts found in log. Smtp server is configured. Here a piece of log: [17:00:00:077]|[11-10-2009]|[ReportLogger]|[INFO]|[23]|: Scheduling the Soon-To-Expire Password Report Task............| [17:00:00:077]|[11-10-2009]|[SYSOUT]|[INFO]|[23]|: THE HASH DOMAINS :{dnDomainNameMap={DC=telecom,DC=ru=telecom.ru}, telecom.ru=[DC=telecom,DC=ru]}| [17:00:00:077]|[11-10-2009]|[ReportLogger]|[INFO]|[23]|: Execute Task Started | [17:00:00:077]|[11-10-2009]|[SYSOUT]|[INFO]|[151]|:
Password reset ignores password history policy
When a user performs a Password Reset then password history rules are ignored, just as though an AD administrator has performed a password reset using "Active Directory Users and Computers". This means that users can completely ignore password history requirements by using Password Reset instead of Password Change. I understand that you have added the "Upon password reset, force users to change password at next logon" option to help with this. This is a good start, but there is a problem with
Random users getting Invalid Code error when trying to register for self service
We have had random users, using both iPhones and Androids, get the Invalid Code when either scanning and manually entering the code from the Self Service page. The time and date have been verified on both the computer and the mobile device. In some instances
Issues with SMS
Is Clickatell having issues sending SMS?
ADSSP Geolocation based conditional access ( CA ) not workin
Hi We are on the latest version of ADSSP 6012 and configured GeoLocation CA with trusted countries When jumping on a VPN with different IP, the authentication and access to ADSSP still works as normal Is that a bug or need additional configuration on
Upgrade to 6100 causes 502 error rendering site unusable
I installed the service pack after coming back from vacation because I noticed it had some security bug fixes. I patched from 6013 to 6100. After applying the service pack 6100 the site no longer worked and provided us with a 502 error. I had to revert
Issue with HA working in Build 6100
And another classic buggy application build from ManageEngine. The latest build 6100 seems to be filled with issues with every configuration being done. Configured HA in ADSSP, however it doesn't seem to work as it should Ticket #4069482 has been opened
Certificate prompt when accessing the portal
Hi, I was testing out using smartcard authentication to login the ADSS portal. After seeing how it worked we decided to go back to a simple username/password plus MFA so I deleted the smartcard profile under admin > login settings > smartcard authentication
Upgrade failed: JRE version should be 7 to proceed
Unable to install upate (Build 5703 to 5708) I always get the error "JRE version should be 7 to proceed. Please start and stop the product once and then try again" How can I complet the update?
Unnecessary change introduced in latest Build 6114
the latest build 6114 is causing users to enter and re-enter CAPTCHA code twice instead of once, which was working fine in the previous build. Also, the first attempt to log in does not even present the option the type in the password. Please see attached
Portal rebranding theme
Hello, In current version (6009), the portal rebranding > theme does not apply to all users, only to admin account. We need to apply a specific color to end users, is there a way to force this, so all users see the same color? Thanks!
AD Self Service Plus as an Advertisement Engine
I have a concern with the fact that my local installation of AD Self Service Plus is being used to generate Webinar advertisements for ManageEngine's other solutions, in this case - AD360 the Integrated identity and access management (IAM) solution. I recently received an email from our helpdesk email address to our server admins address generated from ADSSP on our server advertising a webinar. I see this as an inappropriate use of the software and our server resources since I have purchased a license
CP logon screen problem on Windows 7 PC
After pressing Ctrl-Alt-Del I get the attached screen rather than the normal windows 7 username/password boxes. Installed through ADSelfService console, has been uninstall/reinstalled and PC has been rebooted between attempts
iOS push certificate expired?
Hello! Two of our clients have a problem with the MFA-Authorization since a few days. Both are using the app on iOS. On both sites we have build 6119 installed. In the logs I have found the following error: [15:09:09:475]|[02-13-2022]|[ADSLogger]|[INFO]|[105]:
Multi-Factor Authentication on endpont - Not Working
Hi, I’m in the process of enforcing MFA enrollment and MFA on our servers/endpoints using ADSelfService Plus. After completing the configuration and running some tests, the GINA application is triggered. However, only the Reset Password/Unlock Account
ADSSP Admin portal missing logs for MFA Backup Codes generated by Admins
The ADSSP portal Build 6100 provides Admins to generated MFA Backup Codes for end-users but does not have any logs recorded which could help trace back to which Admins have generated this code for an end-user account This is very bizarre and not sure
Soon To Expire Password Notification Policy- Can't Add Specific OUs
Hi, I'm experiencing an issue where I specify a selected list of Organisational Units to apply the Soon to Expire Password Notification policy and when I save the policy and re-edit it, I find it reverts back to All OUs. I only want this policy to apply to specific OUs and there seems to be a bug in the product which will not let me do this. Any assistance would be appriciated. Cheers.
No language selection option in Change Password & Enrollment process web-page
Hi ManageEngine In the ADSSP web-portal, there is no language option offered for a user to select from during the Change Password & Enrollment page. This is has been noticed and reported earlier through some Support case with ManageEngine technicians.
Permission Denied. Please Contact Your Administrator
I am trying to setup the AD password expiration reminder tool. I am unable to select any domains. When I go to Domain Settings > status is successful, but when I try to update objects I get "Permission Denied. Please contact your Administrator". The service
Issue with APN configuration in Build 6013 & 6100
Configuration of APN on Build 6013 & 6100 has a bug and DOES NOT work. It is very bad to see that bugs are not identified well before releasing of new builds by ManageEngine. Same bug existed in 6013 and now again in 6100. ManageEngine ticket number
Need to have ability to have multiple separate web pages for multiple domains added in ADSSP
Ability to have multiple separate web pages for multiple domains added in ADSSP. As not all functionalities are needed to be enabled for every domain, having 1 common webpage for all domain isn't an ideal solution. With separate webpages for each domain, only the needed options and functionality can be enabled without have users throw question to the IT department
Next Page