Password Sync Agent install on Domain Controller
Hi I want to make sure for below question. Client connect to Domain Controller A that is not Primary Domain Controller, password replication will take 15 minutes to replication from Domain Controller A to Primary Domain Controller. Which Domain Controller that should install Password Sync Agent in order to make all native password change (e.g.: password change via Ctrl+Alt+Del screen or password reset by admins in ADUC console) from Domain Controller A instantly update to ADselfservice plus server?
Oracle Database password reset
I have setup a couple of oracle targets for the password manager. They seem to setup ok but when I try to change the password I get the error: ServerName.eiu.edu[Oracle Database] - Password does not meet Oracle database complexity requirements. Please try again. Our DBA pulled this from the logs: At 2:03:34 P.M. you got ora-00922 in the audit log for ALTER USER ORA-00922: missing or invalid option I can run the command in SQL Developer ALTER USER test_aballison IDENTIFIED BY "PASSWORD_HERE" and
ADSSP - CPU at 25%
Hi there, ADSSP build 5206 running on server 2008 R2 (64-bit) At the moment, the service works without any issue. My concern is that at the moment, "java.exe *32 " running at a constant 25% CPU. The file located on the folder: C:\ManageEngine\ADSelfService Plus\jre\bin It happen a few times already and we just restarted the service every single time. I'm a bit concern that it might present an issue in the future.
ADSelfService Plus migration to another server
Hello I need to migrate ADSelfService Plus to another server and I do not want to lose any configuration option or data (enrolled users, machines, etc). If somebody can help me with this it will be great! Thanks Anton
Filtering users
I'm currently doing an eval of ADSSPlus and I'm curious about how best to limit the users who can have access to this. In some cases, we have generic accounts in our domains, mixed in to the same OUs and Groups as regular staff and students. I would like to be able to exclude these generic accounts from being able to log in, register and reset passwords (and ultimately use up licenses) within AD Self Service. How can I best accomplish this within the application? Is there a way to select a group,
ADSelfService Plus 5.2 Build 5207
Hi, We are glad to announce that ADSelfService Plus has received a major security overhaul in its latest release. The new build – 5207 – updates the Java RunTime Environment package used in the product to version 7. Also, there are a lot of other enhancements particularly to the self-update layout. Enhancements: Now you can easily migrate product data from your existing database to another (except to MySql). Java RunTime Environment used in the product has been updated to version 7. Support for TLS
Create your own security questions
Is it possible to create your own security questions as opposed to using the canned ones?
Enrollment emails
I can see enrollment notifications going out in notification log that do not show up in the enrollment notification options to disable or change so I cannot update the wording of them.
How far does the functionality reach?
In our environment, we are currently testing the password reset/unlock part of Self Service. We have in place a Citrix environment, and a couple dozen WYSE terminals that connect in to Citrix, as well as desktops and those using Citrix Receiver. Can you please tell me if it's possible for me to integrate self service into my Citrix/WYSE environment? At the moment, when they power on the WYSE terminal, they login to the terminal using their username/password/domain combo and it automatically fires
Google ADMIN SDK API expired
As of 4/20/15 Google Apps ended support for the ADMIN SDK. Passwords are no longer syncing between AD and Google Apps. Is there a patch to resolve this issue?
Data Dictionary
Is there a data dictionary available to poll the database directly to build our own reports/dashboards? Omar Edwards
Error Message: adssp.error.native.change_pwd_min_pwd_age_set
Hi, we are on ADSelfServicePlus Version 5.1 Build# 5105. When our users encounter errors resetting their passwords, they are receiving the following error when not meeting the domain password policy requirements. adssp.error.native.change_pwd_min_pwd_age_set The error message is not understandable to our users. First, what causes this error message to be displayed instead of a more appropriate/comprehensive to the user? Second, we don’t see this message referenced C:\ManageEngine\ADSelfService Plus\resources\adssp\mobile\ApplicationResources_en_US
Install issue with ADSelfService Plus
Hi, we are testing this product and we have found that while the computer is connected to the domain, installing ADSelfServicePlusClientSoftware.msi executes but the logon screen does not show the link for password reset. When we remove the computer from the domain and install the msi, then join the domain, then the link shows up. Do you know of any group policy settings that would cause this to happen?
FREAK Vulnerability
I contacted support and all I've gotten back was a we will get back to you and it has been over a week. Self service is vulnerable to the freak vulnerability and I am looking for a fix. https://www.ssllabs.com/ssltest/ if you want to test your own setup.
Can't unenroll users in 5202
I'm running 5202 and cannot unenroll any users. I go to the Enrolled Users report, and find the account I want to remove. Click the X button Get message: "Are you sure want to Disenroll this user? Note: The technician status (if applicable) will be deleted." Click Yes. The page refreshes, but the user is still there.
bug report
edit the password expiry notification (any of the entry) assume the notification frequency was set to On Specific Days Schedule Time shows only XX Hrs XX Mins edit the Select domain value to anything Schedule Time will show the day in addition to the time: DAY at XX Hrs XX Mins need to change the notification frequency to something else and back to on specific days to show the proper schedule time
ADselfService Plus Single Sign On Error Cannot Create Computer Account
We have implemented ADSelfservice on our Domain environment and everything works fine except Single Sign On.Its giving the error Cannot create computer account ..once you enable single sign on and give virtual computer name and trying to add Computer account to AD. We have the domain admin privilege so we don't see any issue with privilege. Kindly help us to resolve the issue
notification delivery status to manager/admin
Hi there, in the ADSelfService Plus web admin console ... Configuration > Self Service section >> Password Expiry Notification edit one of the available notification entry and click on Advanced button on the right of the save/cancel button There are 2 options under Reports : Send notification delivery status to users' manager Mail admin the notification delivery status If we ticked any of these ... somehow they receive the report everyday! is this expected?
Reset or change passwords
I am implementing ADSelfService Plus and curious if are any security best practices for implementing change vs reset tools. We rarely have issues with users forgetting their passwords, so I am tempted to disable the reset option so that users aren't forced to enroll (just let them hit the site and use the change password option). However, it seems less secure to have them just change their password, instead of answering security questions first. Any opinions or thoughts on this? Thanks, Eric
Stop Admin e-mails when no report is generated
Hi, Is there a way to stop ADSelfService Plus from e-mailing out the reports e-mail when there is no report available that day? So I currently get the e-mails saying: 'Dear Admin, No reports available at the moment for the configured scheduler. Regards, ADSelfService Plus' I don't want notifying if there is no report available that day, only on days where a report is available. Is it possible to turn this off?
Daily "Delivery Report for Email Notifications"
I'm getting daily emails titled "Delivery Report for Email Notifications" with the message: "Dear Admin, No reports available at the moment for the configured scheduler. Regards, ADSelfService Plus" I cannot find where to make this stop.
run as windows service not reliable
Hi there, We've installed ADSSP as windows service with the method shown under Admin > Product Settings> Windows Service We can start and stop the service fine but sometimes it just not very reliable. if we start the service from application, the status under Windows Services not showing as Started one time the notification refused to be run manually so we restarted the service via Windows Services; things still doesn't work until we stop-start from the application Is there a known issue with ADSSP
ADSelfServicePlus : BackGround Customization
Hi, I saw lot of possibilities for customization but no one for background color change. Is it possible to do so on all the pages ? Thank you Lucien
issue with GINA windows client installation steps
Hi there, there are some issues with the provided documentation for GINA client installation (Windows). First, the ReinstallAgent.vbs file located on the ADSSP server: C:\ManageEngine\ADSelfService Plus\bin It has a typo on line 26: bmpImgPath = argss.Item("IMAGEPATH") It's supposed to be: bmpImgPath = args.Item("IMAGEPATH") --> note the extra 's' on the original one Second, according to the documentation on your website: https://www.manageengine.com/products/self-service-password/self-service-password-help-docs.html
GINA not working on a Windows 8.1 x64 machine
I have it on two machines for testing. On one it works. On the other it does not. Both are Windows 8.1 x64. One is our standard build for machines, and that one works. The other, I installed Windows manually and updated everything. That one does NOT work. Not sure how to troubleshoot the install.
downlad Gina ADSelfServicePlusMacLoginAgent.pkg
Hi, We are in trial mode, where can I download GINA ( ADSelfServicePlusMacLoginAgent.pkg ) for testing purpose ? Regards
Enabling SSO using HTTP Post
Hi there, i have been trying to link our SSO platform with ADselfservice plus reset password. What i try to achieve is to pass some value inside http POST into adselfservice and give the user the reset page I have been trying using this strings.. but seem not working.. i have try various syntax to inlcude the domain name too. We are autheticated using LDAP https://Address/j_security_check?j_username=usern&j_password=Password&DOMAIN_NAME=PRI&loginButton=Login at first we want to put the above URL
Enrollment Behavior
A few builds ago, ADSSP would take non-enrolled users directly to the enrollment tab on first login, but on the last 2 more recent builds including 5206, it takes them to the My Info tab and forces them to select the enrollment tab to enroll. Can this be changed back to the previous behavior? At least 2 of our users were confused by this behavior and updated their info thinking they had enrolled when they had not. Thanks in advance!
[2014] ADSelfService Plus Fixes and Enhancements
Version 5.2 Build 5200: (26/Nov/2014) Features: Multiple Login Options: Users can log in to the self-service portal with any AD attribute with unique value such as mail and telephoneNumber. Now verify users’ identity by sending them an email containing a secure password reset/account unlock link. Ability to restrict service accounts using license management to free up license count. Issues fixed: Issue in self-update which displays incorrect value in the manager field. Issue in automated password
[2007 - 2011] ADSelfService Plus Fixes and Enhancements
Version 4.5 Build 4503: (28/ March/2011) Fixed: Logon issue (when maximum password age is set to zero) has been resolved. Multiple field updation issue (eg. in case of checkboxes, radio buttons etc.) in the 'My Info' tab has been fixed. Version 4.5 Build 4501: (10/March/2011) *Fixed: "Could not install client software" error while installing Gina on client machines has been rectified. Version 4.5 Build 4500: (10/February/2011) New Features: SMS / E-Mail Verification Codes to provide additional
Receiving Duplicate emails from a scheduled task
I have ADSSP set to automatically restrict users when they are either inactive for 30 days, their account is disabled, or deleted. I also have the results of this emailed to me. It occurs every Sunday at Midnight. The task is working well, but I get 2 emails from ADSSP every week when it happens. They are identical, and I'm wondering if the task is running twice, even though it only shows up once on the console. Is there a way to check the database for a duplicate schedule?
Query to adress all managers
Hi, can somebody help me please with a query which list only the manager in the "manger" field on the self service page? I want to get a list of the names only. Thanks in advance. T.
TLS 1.2
When will ADManager SelfService Plus support TLS 1.2 ?
Which Competitor Has The Best Customer Support?
So I've been on hold for 15 minutes now today, trying to get service on a case that's been open for a week. that I've been promised an immediate call back on at least 4 times... Thinking at this point they have too much to do and don't need my business so wondering who else is out there that has responsive support? Thanks
Mail Delivery Status Invalid Email-ID
Hi, Mail Settings in Admin->Product Settings->Server Settings->Mail Settings are configured correctly. When using the Send Test Mail I can receive the test message. As an admin I can also receive "Delivery Report for Email Notifications". The problem is that once I open the attached file "Soon-To-Expire Password Users Report.html" there is Mail Delivery Status: Invalid Email-ID for all entries. Users do not receive any password notices. Mail Delivery Status Invalid Email-ID
Can't access the web portal
Hello, I've an issue with accessing the web portal from a PC in the same domain which keeps giving that the page can't displayed. while the admin login form the same server that installed on is working. Thank you.
User has forgotten answers to security questions
I have students that have already forgotten the answers to their security questions. How do I, as the admin, reset their accounts so they have to re-register or can log in and change/modify their security questions?
Browser on Windows phone unreliable
Hi Has anyone had issues accessing ADSelf Service using IE on a Windows phone? The experience of our users has been intermittent. Sometimes it is fine, sometimes they get "page cannot be displayed". This is when using a wifi, 3G and 4G connections. We have discounted any sort of signal issue as it has been tested from various areas where Android and iPhone users of the same networks are fine using both the browser and the App. Also, is there a time frame for a release of an App for Windows phones?
SSL error: Failed to establish chain from reply
Hi there, We're trying to set up ours with HTTPS and encountered the error when importing the certificate. Can ADSS support SHA-2 certificate? We have ServiceDesk Plus and use SHA-1 certificate since it won't take SHA-2. If it does support SHA-2 ... read on! We've received 2 certificates form GoDaddy as follow: gd_bundle-g2-g1.crt random_gibberish.crt -- > we've renamed this file to serverhost.cert for sanity's sake so, following the instruction to copy the files as instructed by on the SSL tool
Macros to pull any LDAP field?
Is there a way to pull any LDAP field in a global macro variable? I'm trying to use the comment field to store the user's mobile carrier SMS gateway as a text variable, and then call it on the SMS Settings under Admin/Product Settings/Server Settings. For instance, in this way I could send an SMTP message to %mobNo%@%comment% where %comment% could be VTEXT.COM or TMOMAIL.NET, etc. That would allow me to use the carrier's own SMS gateway to send a text to their subscriber. Also I had an issue using
Next Page