[RESOLVED] ADSelfService Plus in a subdirectory from reverse proxy (nginx)
I have a website "example.org" and I want to add ADSelfService Plus to this website under "example.org/password". The problem I have is that I cannot make the configuration work. If I make it available from "example.org", everything works as it should. The moment I have it through "/password" I cannot log in or access any css files, only the indez page shows up. I have a rewrite url in IIS on the ADSS+ server so that it is avaible from http://serverip:80 Then I have the reverse proxy on another
Configure ADSelfServicePlus to use SQL server
Good day, For one my customers I'm trying to setup ADSelfServicePlus in a POC environment. The procedure for pointing the installation to SQL server (https://download.manageengine.com/products/self-service-password/configure-adselfservice-plus-with-mssql.pdf) is failing for me. When running changeb.bat I select MS SQL Server in the list box, I get a message I need to install the SQL native client first. But it's already installed. What is going wrong here? See attachment with screenshot. Thank you
Restrict Profile by IP Address
Is there a way in AD Self Service Plus to setup a profile with an IP address filter? We want to allow domain admins to unlock/reset their passwords but only from within the LAN and not from the WAN. So we would have 2 profiles, one that points to the regular users OU that is usable from any IP address and another profile that points to the OU containing admins that is only usable from the LAN ip addresses. Much like you can restrict the Admin login page by ip address/range.
Servicenow Single sign on integration
Hello, I have a problem with setting up of SSO for Servicenow via ADSelfService Plus. I went through the documentation on page https://www.manageengine.com/products/self-service-password/step-by-step-guide-for-servicenow-single-sign-on.html but when I am trying to use external login to ServiceNow using the email address am forwarded to ADSelfService Plus which is showing me error message Sorry ! You are not authorized to view the contents of this file. Back | Sign Out Do you have an idea what can
HTML-formatting
Greetings, I've built a HTML-formatted email that i've pasted into the admin console, but when I send it, it just sends as plain text. I've tested the emailtemplate in a browser and there it looks correct, and formats correctly. In earlier builds of ADSelfService you had to activate the HTML-function, if that's the problem with the new release, where do I find that option? Thank you in advance! B/R Filip
Support for multiple domains - aggregated stats
Hello all, We have 2 domains registered in ADSS. What we found was that you have to log in with a user from each domain to see only stats for that particular domain. There is no aggregated view of both domains that we can see in ADSS. Can you assist or guide us in the right direction? Regards, Stephan Terblanche
Can't chnage password
When ever I try to change password, it fails complaining about password policy/complexity. I've met the complexity requirements, but fails. What I've tried: 1. Set adselfserve service to admin account 2. Set domain auth account to admin account 3. Set domain password settings to no complexity and mim password age to 4 days 4. Enabled LDAPS on selfserve settings Nothing has worked. Details: latest version of AD Self serve Windows 2016 with latest patches AD self server installed directly on DC
ADSelfService Plus 5700 released with enhancements!
Hello Everyone! The latest build of ADSelfService Plus supports the updated version of JRE, Apache Tomcat server and PostgreSQL server, for improved security. Enhancements: JRE bundled with ADSelfService Plus is updated to version 1.8.0.162. Apache Tomcat server bundled with ADSelfService Plus is updated to version 8.5.32. PostgreSQL server bundled with ADSelfService Plus is updated to version 9.4.14. How to update? Update using service pack. New to ADSelfService Plus? Download the latest version
Change Port No.
Hi, I created a server and called it 'SelfService' and the default port was 8888 so now when you browse to the URL it is http://selfservice:8888. Is there any way to change this so that it is http://selfservice ?
Security hardening
Hi - my installing will be subject to pen testing so I am looking for information regarding hardening of ADSelfService Plus. I've done the usual stuff from the Admin portal but am now looking at the CIS tomcat benchmark has anyone had ADSelfService Plus benchmarked? Does anyone have anything they can share on - e.g. I'd like to use SecurityManager but worry about breaking things - does anyone have a proven policy file?
Self Service Portal session expires while resetting the password
Hello everyone, Greetings!!! While resetting the password the portal session expires if the password is not matching the complexity. I have already enabled this option "Allow users to retry reset without going through ID verification again". But still it fails and shows the attached error, users have to relogin for trying again. Any help will be greatly appreciated. Thanks, Kottees
Compatibility with non-Microsoft ADs - particularly with Zentyal
Hello. I have had a browse around the product info but I cannot clearly make out if it can be used with a samba4-based Active Directory like the one in the Linux Zentyal distro...
"Number of numeric characters to include"
Hi, We have finally narrowed down our password reset issue to this field the Password Policy Enforcer. Whatever value we put in for the number of characters to include, users are unable to reset their passwords successfully unless they use a password with this value plus 1. So if the number of numeric characters required is 1 then you need at least 2, if I set it to 2 then passwords will need 3 numeric characters, and so on, for a successful password change. The thing that made this so hard to work
GINA Install Issue - Process in use
Couldn't copy service to \\xxxxxxx\ADMIN$\System32.The process cannot access the file because it is being used by another process.... The server can access the share manually.
Custom text and links in the layout
Hi all, i would like to add a link to the Self Service Layout where the user can lookup instructions and guidlines to follow for the Directory update. Currently i can only add fields from the AD to the layout. is it somehow possible to add custom text and links as well? Thanks
Security/Patch notification
Hi - what is the process for signing up to receive notifications about vulnerabilities and patches
AD Self Service - Password Expiry Notification
Good Morning, I am just starting to use these Manage Engine tools for the first time so apologies if this is a basic question. I am about to set up Password Expiry Notification via email (on AD Self Service) I have set all the settings as I want. A colleague has informed me that they have tried to get this set up before and it hasn't gone well due to the fact that we use an old email client and the email doesn't display in a very good format once it is sent. I have made a few alterations and also
ADSelfService Plus 5606 released with enhancements and issue fixes!
The latest build of ADSelfService Plus allows access to Password Expiration Notifier free tool by the technicians and supports rebranding of the self-service password reset/account unlock window of the Windows logon agent. This build also fixes important
SSL Cert for AD SelfService Question
Hello All, First, I just want to say that I'm new to SSL, please pardon my stupidity. We're in process of encrypting the connection from the outside to our server. I have a few questions and need help with. 1. Should I be using a self-signed or commercially signed cert? 2. If I need a commercially signed cert, which one should I purchase? https://www.godaddy.com/web-security/ssl-certificate Help would be appreciated!
Airwatch MDM with Configurations
We're trying to deploy the ADSelfservice mobile app to our company phones with the configurations already in place. We received the configuration key value pairs, but for some reason this isn't deploying with our app. Has anyone else ever pushed the app through Airwatch, any tips or tricks to get this done correctly?
ADSelfService Plus (5605) now supports AD-based security questions as an MFA method
The latest build of ADSelfService Plus supports Active Directory-based security questions as an MFA method. Feature: Active Directory-based security questions as an MFA method: You can set up AD-based security questions to authenticate users at the time of self-service password reset and account unlock by comparing their answers with the corresponding AD attributes' value. How to update? Update using service pack. New to ADSelfService Plus? Download the latest version of the free Password Expiration
ADSelfService Plus 5604 hotfix released
We’ve fixed a vulnerability issue in the latest build. Issues fixed: An XSS vulnerability has been fixed. How to update? Update using service pack. New to ADSelfService Plus? Download the latest version of the free Password Expiration Notifier tool Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com An integrated Active Directory self-service password management and single sign-on
ADSelfService Plus 5603 released with enhancements and an issue fix!
The latest build of ADSelfService Plus brings you the single-logout feature and also adds ADFS to the list of identity providers through which users can access its web console. This build also fixes an important issue in the product. Highlights: SAP NetWeaver password synchronization: Synchronize AD password changes with SAP NetWeaver in real-time. Single Sign-on with Active Directory Federation Services (ADFS): ADSelfService Plus adds ADFS to the list of SAML-based identity providers through
VPN to update cached credentials
Hi, I have reset a password via the GINA tool on the lock screen of a Windows 10 computer that is off the network. The password has reset in A/D however the VPN connection to update the local cached credentials doesn't appear to be working. I notice that I have an extra icon in my lock screen and when I click on it I have a "ADSSPNativeVPN" login and password box appear. Do I manually need to log into the VPN to have the locally cached credentials updated? Would be good if there was a proper user
Script blocked by the browser on the login page
We are experiencing the following issue: When users are logging in, the browser does not load the required script and just hangs there. If the user refreshes the page (F5), they are already logged in and can continue. This has been tested with multiple browsers - screenshots from Chrome and Edge are attached. The ADSS build number is 5600 Has anyone had this before - any ideas? Thanks
large files mdmp extention
Hello, After a support session from one of the ManageEngine employees we've got a large ADManageEngine folder filled with .MDMP files. The folder is about 10GB in size, "8,16GB" files in the \bin\ folder, all files with the following names: hs_err_pid276.mdmp - 246mb hs_err_pid868.mdmp - 260mb hs_err_pid1572.mdmp - 258mb hs_err_pid1708.mdmp - 255mb hs_err_pid3032.mdmp - 252mb What can i do with the files? Can i delete them all?
ADSelfService enrolled and non-enrolled database table column names
Does anyone know the table column name that stores enrolled and non-enrolled users? I are looking to add non-enroll users to an Active Directory group and since ADSelfService doesn't remove users from AD groups, I am working on a script to remove users from the AD group once they are enrolled.
Pre-Configure IOS App
Hi all We use VMWare AirWatch for our MDM and when i deploy the android app, i can preconfigure the webaddress, port and protocol as part of the deployment, but i cannot seem to be able to see this in the IOS version. Does anyone know if it is possible and if so how to do it? Thanks.
Invalid Email-ID
Hi. Trying to run through the Mobile App Deployment wizard and at the second stage "Getting CSR Signed from ManageEngine" I'm asked to enter a From Mail-ID. I enter a valid address but I get an error saying "Invalid Email_ID" Any ideas?
DNS refresh?
Is there a way to refresh/flush the DNS when trying to install the GINA? There are a lot of computers that have incorrect and old DNS/IP details so the server cannot find them.
Adding wildcard SSL cert to ADSelfService Plus
Hi, I have a wildcard certificate for our domain and I have the *.crt files but I'm not sure how to import these into ADSelfService Plus?
SSL certificate issue
Hi, We've recently purchased ADselfservice plus portal, we've gone through of configuring everything so where able to access the portal outside the network however I want to make it more secure, but we are having some issues with installing the SSL Certificate. We already have an wildcard SSL certificate and when I go to download the certificate from 123 Reg, it isn't an download file but text. Do we copy this text into notepad to then convert it to a pfx format file? I have done the above and
Error when changing, resetting or unblocking user "Account blocked."
We are presenting the error attached to the platform in an exporadic but concurrent way, when changing the password, resetting the password and regardless of the type of user authentication "SMS or Googl Authenticator" says that the user is blocked even though the policy is configured option to unlock the user once the key is reset or changed. already validate the user in the active directory and it is not blocked, could it be an error in the application ?.
How Can I config Windows Login TFA
Hello there, I have set up a new policy configuration on ADSSP. I activated the verification code in the Login TFA tab for this policy. I chose only for IT users over OU. I made Password Policy Enforcer settings for this policy. I enabled Windows Logon TFA from the GINA / MAC tab. I restarted the ADSSP service. I reinstalled a test user from GINA / MAC Installataion. but windows logon TFA is not working Please help me?
Running 2 instances of ADSS on the same AD
Hello, I would like to know whether it is possible to have 2 separate instances of AD SelfService Plus on the same AD. We want to use one of those as internal and the other that we already have will be external. Would we need separate licensing for the second one? Thanks Zhivko
[Tips & Tricks] How to enable SAML-based SSO for ADSelfService Plus using OneLogin?
Last week we saw how ADSelfService Plus facilitated SSO for its web console through Okta. This week let’s learn how to set up one click access to ADSelfService Plus’ console through OneLogin. If SSO is enabled, whenever a user attempts to log on to ADSelfService Plus’ web console, OneLogin will authenticate the request and grant access to the ADSelfService Plus portal. When a user is already logged in to OneLogin and tries to access ADSelfService Plus, the user will be granted access automatically.
[Tips & Tricks] How to enable SAML-based SSO for ADSelfService Plus using Okta?
If your organization uses SAML-based identity provider (IdP) applications such as Okta, you can enable one click access (SSO) to ADSelfService Plus' web console. Once SSO is enabled, whenever a user attempts to log on to ADSelfService Plus’ web console, Okta will authenticates the request and grants access to ADSelfService Plus portal. If a user is already logged in to Okta and tries to access ADSelfService Plus, the user will be granted access automatically. Prerequisite If you do not find ADSelfService
[ManageEnginge] Effective AD password management techniques revealed
Hello, Whether you are an administrator or an end user, managing passwords is hard. It doesn't have to be that way anymore! Attend our Effective password management techniques for your Active Directory environment webinar and learn simple techniques that boost up both the productivity and security of your IT environment. ..Book your spot now.. What's in it for you By attending our webinar you will learn how to: Enable password self-service and self-account unlock for end users. Group or OU-specific
[Tips & Tricks] Bulk disenrollment of users in ADSelfService Plus
ADSelfService Plus offers administrators the convenience of performing bulk disenrollment of users. This feature allows them to manage user’s licenses effectively and also not be pushed to the extent of disenrolling users one at a time. Administrators can choose between the following two options to perform bulk disenrollment. Select multiple users from Enrollment Reports. Import users from a CSV file. Method 1: Select multiple users from Enrollment Reports. Log into ADSelfService Plus as an
[Tips & Tricks] Updating cached credentials by configuring custom VPN providers in ADSelfService Plus.
ADSelfService Plus can automatically update the locally cached credentials in remote users’ machines as and when they reset their passwords. To update cached credentials, ADSelfService Plus requires the Windows logon agent, bundled with the product, and a command line VPN client to be installed in the users' machines. It supports these VPN clients: Fortinet, Cisco IPSec, Cisco AnyConnect, Windows Native VPN, SonicWall NetExtender, Checkpoint EndPoint Connect, and SonicWall Global VPN. You can also
Next Page