Silent install of Mac login agent
We have a Windows domain populated with both Windows and Macs. We are able to use the GINA install in the portal to push the GINA agents to Windows workstations (the service is running as a domain admin). The portal does not work with installing the agent on Macs. Is there a way to run a silent install of the agent on Macs? Thanks, Kevin
Add ClickATell as Manual SMS Provider
I would like to add ClickATell as a manual SMS provider, but I can't get ADSelfService Plus to successfully send the message. I have verified the HTTP string by manually sending an SMS outside of ADSelfService. After reading ClickATell and ManageEngine's documentation, I believe the string should be set up like this... http://api.clickatell.com/http/sendmsg?user=USERNAME&password=XXXX&api_id=YYYYY&to=%mobNo%&text=%message% When I try to do a test message I receive "SMS Sending Failed" I am entering
Soon-To-Expire Scheduler for Fine-Grained Policies
I'm curious to know if anyone has been successful with using this tool against Active Directory with a PSO Fine-Grained password policy? I'm wondering if there is any way, we can configure ADSelfService Plus, to use something other than the Default Domain policy within AD. We have several different types of password policies, we have multiple agencies which have different standards. With that said, we utilize a method of password policy management, which is known as a PSO policy against Global Security
ShowADSSPTile
AD SelfService Plus, Build Number : 5305 'ShowADSSPTile' is 'FALSE' but Tile still appearing: Client OS: Win 7, 8.1, and 10 I only want the ‘Reset Password/Unlock Account’ link at the logon prompt and not any separate tile. Please Advise?
SSL is kicking my butt
I have SSL working but not on my fully qualified domain name. For example: https://server/ comes up fine, but if I use https://server.mydomain.com/ then it throws a certificate error. I have installed self-signed AD certs. I have also tried installing with my GoDaddy certs, but the ADSelfService pages won't even load when I do that. Also, my godaddy certs are not like the ones given in the examples. My boss is insisting that https://server.mydomain.com/ functions warning-free before we deploy.
Not working after installing new certificate
Our ADSelfService portal was using a certificate which gave errors with Chrome and Firefox (“Server has a weak ephemeral Diffie-Hellman public key”), so I bought a new certificate. I created a new keystore for this new certificate and modified the server.xml: <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="1" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/sspapplusrtdcom.pfx" keystoreType="PKCS12" keystorePass="******"
AD Self Service Plus Certificate
Is there any way to create a certificate request that contains a certificate template or anything other than a .csr? I want to sign the certificate from my own Certificate Authority but the web enrollment doesn't allow using Cryptography below windows Server 2008 and thus will not issue the more secure Certificate's from the web enrollment using the .csr as generated from the ADSS web page. Thoughts or work around?
Problem to register new entry in a DropDown list
Hi We have a DropDown List for psysical locations related to the Office Field in Active Directory. When i am tryying to add a New location I got this Message I am here triing to add 'Berglund' and it is not a dublicate. Whatever I Write her I get the same Message. Any Idea why this hppens? I have done this before without any problem. Since last it worked ok, I have upgraded to Version 5.305. Regards Reidun
Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45
Hi, You receive the error when the server is trying to setup a secure connection and due to a disastrous mis-configuration, the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it. Example: <Connector SSLEnabled="true" ciphers="T LS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
Lost DC, How to change if cant login to admin portal?
I lost the domain controller that must have been specified in the config of ADSelService. Now no users can authenticate to the application and I cannot access the admin portal to change the domain settings. How do I make the DC setting change to point to another DC?
Error when trying to login as technician other than "admin"
I've added a couple Active Directory accounts as technicians ("super admins"). When I try to log in as any of them it redirects me to http://<servername>:8888/j_security_check?loginComponent=AdminLogin&formSubmit=SSP and says "the webpage cannot be found" If I try it from Chrome i get Sorry,the page you requested was not found. Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination, try from our home page. And when I click on "home" it just throws
Cert error on Iphones and Androids but working ok on PC.
I am getting certificate errors on iphones and Androids, with assistance I was able to get the correct cert installed and working ok on IE and pc web browsers but we are still getting the error on phones which is where we hope to use this. We might use the application for the phones but for initial enrollment email they are required to click on the email web address and enroll, this is where we are having an issue.
slow performance with ADSelfService Plus
I am trying out ADSS Plus in my environment. We are putting it in our vCloud Air cloud, which is just a virtualized vSPhere based public cloud. We have the VM running the code setup as a 2vCPU 4GB of memory. When I look at task manager, I don't see anything out of control for the VM OS level. The problem is that when I login using an Domain account it takes 15-20 seconds to login. WHen I login as the admin account, it will only take 1-2 seconds. I do have the backend AD sitting on the same network,
SMS not send
Hello, When a user tries to unlock/reset password through the web interface he/she doesn't get a SMS with the verification code on their mobile phone. We can send a test sms to the same number from the admin page though. Settings: Clickatell SMS gateway activated (if it isnt activated we cant send a test sms through the admin page) SMS credits ( there are enough credits available) Please help me out because we cannot implement this package for our organization this way.
GINA not pushing correct URL on client computers
Hi, We're having an issue where the GINA does not update or push the correct configuration to the client. We tested the app with HTTP and use the server name URL then decided to enable SSL with a different name for the web server. This new URL, even though updated properly in the web interface is not pushed on the client and therefore the client machine gets a invalid certificate error since the name of the server that is in the registry does not match the certificate. IS there a way to force the
Installation SSL FOR ADSelfService
Hi, We are using ADSS inside our domain. How to generate keystore file from our internal CA, which script or keytool can we use? Thanks, E.
ADSelfService Enroll.hta
What permissions it should have an account to download it to ADSelfService Enroll.hta to SYSVOL, where it is described in the documentation?
After enabling SSL on ADSelfService, Single Sign On does not work and asks for credentials....
We have ADSelfService work with single-sign-on on HTTP without any issues. I decided to purchase a SSL certificate and assign an external domain to the server in order to have it accessible from the internet. After the wonderful help from MangeEngine support, I was able to get SSL working on the site with the port 9251. Now the issue is that when I access the site from any computer internally, the single sign on does not work any more and I get prompted to enter my domain credentials before been
Adselfservice_enroll.hta not working
Hi, I've created a domain strategy and I 've configured force enrollment linked to this strategy. I 've noticed that the Adselfservice_enroll.hta script is stored in the sysvol directory on domaine controler . What is exactly the mechanism to copy the script on the sysvol ?whose user is copying the script? When i logon PC there is no windows message to force enrollment. How Adselfservice_enroll.hta is triggered ? What should i do ? Thanks Franck
Password Change notification
Hello, I'm trying to setup the password reset/change/unlock email notification. I have the server information setup and I can send a test email successfully to our admin account. I ran a reset on a test account and I did not receive the email notification. I thought to look in the personal information portion, but I can't see where an email address would go. Did I miss something?
Schedule Reports
Running ADSelfService Manager Build 5300 Log in as Admin click on Reports TAB Click on Schedule Reports top right Get the following error; Sorry,the page you requested was not found. Back | Sign Out Any ideas? Thank you in advance
Bad Notification Message When Linking Accounts Fails
Hello ADSelfService, We have a IBM AS400 system and would like to give our users the possibility of reseting/unlocking their AS400 account's with the self-service functionalities. When trying to link accounts, the system throws a bad message if a user enters the wrong credentials: {"TEXT_KEY":"ads.common.error.invalid_credential","SEVERITY":"severe","ERROR_CODE":7,"ERROR_KEY":"INVALID_USER_OR_PASS","DISPLAY_TEXT":"Invalid User Name or Password"} The normal user won't understand what is going on.
setting up SSL via tomcat/adssp
So, I've created a new java keystore using the keytool app, I've imported our companies public and signed certificates to that keystore. I've copied the keystore to the /conf/ folder and renamed it to selfservice.keystore. I've adjusted the server.sml to point to the new keystore and added a few recommended options to get our certs to load: <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" name="SSL" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
Trying to implement SSL for ADSSP
So, I've created a new java keystore using the keytool app, I've imported our companies public and signed certificates to that keystore. I've copied the keystore to the /conf/ folder and renamed it to selfservice.keystore. I've adjusted the server.sml to point to the new keystore and added a few recommended options to get our certs to load: <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" name="SSL" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
Problems Updating Secutiry Que & Ans from IE
Hello ADSelfService, IE is a commonly used browser in our environment, and in the majority of cases, some users are restricted to use other browsers to access the network where our ADSelfService Server is installed, whitch makes IE a very important browser for this tipe of users. We noticed that users aren't being able to update their Security Q&A from IE, but in turn, if an other browser is used (i.e FireFox) they manage to update the Q&A. Is there a way to troubleshoot this? Thanks & Regards,
AD Self Service Plus icon missing
After installing the product on a 2012 server, it ran. I made changes that would allow for SSL. I had to restart the server in order to complete the changes. After I shutdown the AD SelfService Plus server it would not come back on. Then I remembered I had set it to run when windows starts. So I rebooted the entire server. It still will not come up. I looked in the install directory, but there are no exe's to run. Additionally, there is no program called AD SelfService Plus in the start menu.
Enable Hide Self-Service Admin Login
Hello I unknowingly enabled the 'Hide Self-Service Admin Login' without providng exceptions. How do I re-enable it or be able to login as admin ?
Enrollment notification email message
I have an issue when trying to change the email enrolment notification. When I try to change %userName% to anything else, it does not work. Eg, if I try to change it to %givenName%, the email will just show Dear %givenName", instead of the user's given name in AD Example: Dear %userName%, We have deployed a password self-service tool to help you reset your Windows domain..................... This works and will show the username in the email (eg, Dear John.Smith) Dear %givenName%, We have deployed
Error To Transfer To SQL Database
Unable to transfer to SQL database , I got below error at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown
Settings not being saved when setting Security Q&A Strengtheners
Hi I am running ADSelfService Plus and have chosen to display 2 Q&A to the end user but they are coming up one by one and any setting I add to the Q&A settings page even after a save revert back to being ticked Display 0 questions out of 2 at random and not keeping my radio button for all security questions. I have tried restarting the service but it is still the same. Thanks
Problem while restoring db
Hello, I'm working through a project to migrate our 4.5 AD SS server from an XP machine to Windows Server 2012 VM. I have successfully upgraded AD SS v4.5 to v5.3 w/ SP 0.1 (build 5301) on the XP machine, installed 5301 on the new server, and verified that the old XP installation and the new 2012 install are working. While following this article; I have attempted to restore the XP database.zip file to the new server, but receive the error "Problem while restoring db". I have also reached out to
auto registration from a AD security group
Hello, Is it possible to auto register AD users through a AD Security Group? We are going to a new domain and would like to auto register the new user accounts with ADSSP automatically instead of importing them through a CSV file.