Ports for GINA install.
Hello! Can someone please tell me the ports I need to have open on our firewall to "push" install GINA to all of my PC's?
Password change option
Hello, I enable password change option and I have a problem. In IE all works fine, in Chrome after input login and password I see alert "This page is trying to load scripts from unauthenticated sources", in Firefox after input login and password I see alert "Mixed content blocking". In password reset tool I don't receive any error. How I can fix this problem? Regards, Anton
Can't install GINA on any PCs
Hi Please could you help to debug. I can't install GINA Agent on any PCs in Domain. There is no problem with agent installation for SD+ or DeskCentral agent. Our build 5326 Windows Event log error due Installation initialization: The Interactive Services Detection service terminated with the following error: Incorrect function. Event ID: 7023 Status: Couldn't copy the MSI file "ADSelfServicePlusClientSoftware.msi" to the client machine Best regards Dmitry
Remote password changes - Can't get to work more the 50/50
Our company has about 400 remote users not on our domain with approximately 100 users at the corporate office and connected to the domain. We are cloud based for just about everything hence our interest in Manage Engine and password changes. Unfortunately we were led to believe we would not need a VPN connection to change ones password and the system (Manage Engine) would update the cache including passwords on local devices. We accepted the VPN process using Cisco AnyConnect and have found it
Apache Struts has been flagged as being vulnerable
Hello, the version of Struts used by the AD Self Service Portal is Struts version 1.1. Our IT security has flagged this as a serious security issue. Will Struts be updated to the latest version in the next build ? Strusts 1.1 is very old, has exploits, is unsupported and has long since reached its end-of-life. https://beta.nvd.nist.gov/vuln/search/results?adv_search=true&cpe=cpe%3a%2fa%3aapache%3astruts%3a1.1 https://struts.apache.org/struts1eol-announcement.html Thanks John
Did you know - How to configure Single Sign-On in ADSelfService Plus? (Part 3 - Zendesk)
This week let me take you through the steps to configure Single Sign-On for Zendesk. Once SSO is configured, users can access their Zendesk accounts with just their Active Directory or Microsoft Windows credentials. ADSelfService Plus also allows you to access Zendesk accounts with just a single click, from its web console. Single Sign-On for Zendesk: Step 1: Configuring ADSelfService Plus Login to ADSelfService Plus web console with the administrator credentials. Navigate to Configuration -->
Software not accessible after reboot
Hi I have installed the software and it is working fine. However, once I reboot my workstation the ADSM Server does not automatically restart by itself? I have to run the 'startADSSP' batch file and this then starts all the services and I am able to access the URL again: http://localhost:8888/authorization.do Surely this is not right? Please can someone point me in the right direction and let me know what is going wrong? Many thanks
Logging into ADSelfService Plus after workstation reboot
Hi I have installed this software and all works fine. However once I reboot my workstation and then attempt to login to: http://localhost:8888/authorization.do I just get a "Page can't be displayed" error. The only way to fix it is to reinstall the software and then it will start working again... Any advice please? Thanks
Autoenroll users based on User Principal Name (UPN)
From what I can understand, it is not possible to auto enroll users based on User Principal Name (UPN - e.g firstname.last@domain.com) and they can only be enrolled based on sAMAccountName. Can this be modified so that we can also enroll based on UPN?
SMS Enrollment
How do I enforce users enter their phone numbers with a leading '1' (trunk prefix) when enrolling? It will accept their phone number without it, then when they attempt to unlock an account the SMS will error out due to the missing '1'. The only option I see is to set the format to XXX-XXX-XXXX - which does the opposite, and does not allow them to enter the 1 at all. Or is there a way to have the SMS gateway just add the 1 if not present to all? Thank you!
Cannot send mail
I am running ADSelfService Plus on a Windows 7 machine. I have an SMTP server in house and I can telnet to port 25 on that server (Windows 2012) from the Windows 7 command line, however, I cannot send mail from the application. I have other applications on that system that are able to send mail. It tells me that is cannot connect to port 25 on that server. Any ideas?
Auto-Expire Registered Users Accounts
We seem to have issues where users go long periods of time after their initial registration, where when they have to use the self-serve unlock they've forgotten the answers to their questions. Would it be possible to add the ability to automatically expire a users registration within the self-server tool after a configurable amount of time, so they'd have to re-register and thus update their choose questions and answers?
Update email address to get verification code
Hi Team, Let me know if there is a way to bulk update email address for users to get verification code as multi-factor authentication. Thanks, Rakesh
Slowloris Resource Depletion and Denial of Service
I have placed a support call previously on this issue and was advised it would be fixed in the next release. That was a few releases back and this vulnerability keeps appearing on our external vulnerability scans. Are there any changes that can be made to fix this issue without waiting for a patch in one of the releases? ADSelfService Plus is running on port 443, but it does allow the redirect if a user hits it on port 80. I am guessing that is why the vulnerability is showing below on port 80.
GINA - Password Policy Enforcement only
Hello, Is it possible to hide the Reset Password / Unlock Account Button in GINA? I really like the Password Policy enforcement for when users are changing their passwords, but I am not ready to force everyone to enroll yet. If possible I would like to install the GINA client on all workstations so that users can see the password requirements. Then, once I am ready to have people enroll in the system, I can unhide the Reset Password / Unlock Account button. Thanks, Michael
Captcha field not work for Internal users
Recently we had upgrade our selfservice porta from Version 5301 to Version 5.3 SP2 5320. Now, our most of internal users report us that, they occured issue while reseting or login in self services. Continuosly they occured wrong Captcha while reseting password. & this is not for single user. We are unable to caught our productivity due to this, as users continuuosly complaint about this. we publish 'Get Started' notes to users. But it also not work. Is there any way to remove captcha section from
Enabling a Restricted User Automatically
We can currently restrict users automatically on a schedule using certain criteria (disabled, OU, etc). Could we also have the ability to automatically enable restricted users based on criteria? I restrict students that aren't current students to keep our license count down to an affordable level. However, students commonly skip terms and come back, and then need to be enabled to do password management again. Right now I don't see a way to automate this process. Criteria I would like to see
HTTP/HTTPS
Hello, I have a problem. ADSSP work behind Barracuda Load Balancer. Barracuda configured as HTTPS redirect from 80 to 8888. When i click "Cancel" in ADSSP I go to http://mylink.com. How I can change default ADSSP link to HTTPS://...? Regards, Anton
Quick Enrollment from External Database - "Unable to Fetch. Check your query or permission" when using a SQL View that uses an OPENROWSET
I am attempting to setup ADSelfService Plus to fetch data for enrollment from a MSSQL database. I am connecting to a view I have created in SQL using the following SQL statement in ManageEgine: "Select UserName, Question, Answer from ManageEngineStaffEnrollment;" (ManageEngineStaffEnrollment is the name of view I have created in SQL). This works until I modify the view in SQL to also retrieve and join data from active directory (So I can get the sAMAccountName as I cannot enroll based on UPN). The
ADSelfService Plus 5327 released
Hello Everyone! We are glad to release the latest version of ADSelfService Plus - build 5327. This release comes with three new authentication methods to beef up security for the self-service password reset and account unlock processes, along with other bug fixes. Features: Duo Security, RSA SecurID and RADIUS-based authentication support: Self-service password reset and account unlock processes are now more secure than ever thanks to three new authentication methods for verifying users’ identities.
Did you know - How to configure single sign-on in ADSelfService Plus? (Part 2 - Zoho)
This week let me walk-through through the steps to configure Single Sign-On for Zoho. Upon setting up SSO in ADSelfService Plus for Zoho accounts, customers can use their AD or Windows credentials to access their Zoho cloud accounts. The solution also allows users to access their Zoho accounts from its web console, with just a click. Configuring Single Sign-On for Zoho: Step 1: Configuring ADSelfService Plus Login to ADSelfService Plus web console with the administrator credentials. Navigate
ADSS password change option just refreshes page - does nothing. No errors
ADSS password change option just refreshes page - does nothing. No errors All of sudden (about 2 weeks ago) the ADSS application just stopped changing passwords. (All other components seem to work fine). when you try and change a password the page just refreshes quickly and that's it. No errors, nothing on the screen (and it has not changed the password). INFO: - using the domain admin account as the authentication account. - no windows updates have installed on the server (it's in a DMZ). - only
Modify Gina logo
Hi, There is a way to change the gina logo(when you launch ctr + alt + supr) "Manageengine ADSS" to one especif logo? Regards.
Password Expiry Notification
Hey Guys, So I installed and configured the Free password expiry tool. I checked all the server settings with out network engineer and test the email connection in the server settings section. The test email sends fine, but when I run the task to email users with soon-to-expire passwords, they aren't receiving the emails. I have it set to only detect users in the OU associated with all users accounts, rather than the entire AD because I don't want managed and admin accounts to be included in the
GINA\Mac VPN Client configuration different on PC and Mac
Have a question about GINA\Mac client configuration: ** Enter the location where the VPN client is installed on the users' machines. ** We'd like to use the GINA\Mac client on both PCs and Macs in our environment in order to updated cached credentials via Cisco AnyConnect. The path of the VPN client application will obviously be different on our PCs than our Macs. Will the 'VPN Client Location' field accept multiple locations separated by comma? Should we generate and maintain two separate build\configurations
adssp.common.text.message_failed
Dear Team, I got attached error massage when sending test sms. Pls check and give me a solution. Thanx
Where do you install ADSelfService Plus
So this is a super simple question but for some reason I'm not understanding how ADSelfService is installed Do you install the Software on your domain controller/some other server and clients access the web portal? or Do you install the software on every client's machine? Option two doesn't seem right, but I can't find instructions explicitly saying to install the software on a server. Thanks.
Restricted Access
Hello, I am getting a restricted access error from students who are enrolled and from those who are not enrolled. I can not figure out why both are giving off the same error.
Domain Users can not change passwords
I can change my password as a domain admin, but normal domain users can not. They get the following error:: Change Password Failed 1. Incorrect Old Password 2. Password chosen failed to meet any or all of the standards stated below: Minimum Password Length: A longer password is required. Password Complexity: Password should be a combination of alphabets & numerals. Minimum Password Age: When set, you cannot change password for specified time. Password History: Reuse of old password(s)
Some users not receiving email reminders
Some users do not receive email reminders, in audit reports I am seeing following: "Illegal semicolon, not in group"
Cannot change font for "Sign in" Box
I have set the font for everything to Arial but I cannot seem to make it work that the "Sign in" Box shows anything than times new roman. Which file do I have to alter to set Arial? With the developer tools of the browser I see that there is: <style> .fntFamily{font-family: times new roman,times,serif;} .fntSize{font-size:12px;} .common-textcolor{color:#e2001a !important;} .common-bgcolor{background:#e2001a !important;} .common-bordercolor{border-color:#e2001a !important;} .adsfntFamily{font-family:
Force Enrollment Script
I recently updated to Build 5325, prior to the updated I did not have the Force Enrollment using Logon Script feature enabled. After the update it somehow enabled this feature changing the Logon Script field in Active Directory for 3000+ from its original entry to “ADSelfService_Enroll.hta” causing a major issue. I would like to know how and why this occurred when this feature was not enabled in the first place. Any insight I can provide to my leadership team would be appreciated.
Did you know - How to configure single sign-on in ADSelfService Plus? (Part 1 - Google Apps)
With the advent of cloud technology, inevitably every organization uses one or the other cloud apps to ease out their business process. Storing the data on the cloud or accessing cloud applications for IT management is common. However, this development does come with a price too. With numerous applications on cloud, employees have to remember different passwords for each of their cloud application or account, which is a daunting task. What if I say, there's a comprehensive solution that offers users
ADSelfService Plus 5326 released with AD domain to domain password synchronization
Hello Everyone! We are glad to release the latest version of ADSelfService Plus - build 5326. This release brings Active Directory domain to domain synchronization feature along with some other enhancements and bug fixes. Enhancements: AD domain-to-domain password sync: Now you can enable password synchronization between two or more Active Directory domains. Option to synchronize passwords only after successful password reset in Active Directory. Ability to identify the IP addresses of machines used
Notification emails are only sent after logging into the console
Hello, We are having issues with the Notification emails not being sent according to the schedule. The Notification emails are only sent after logging into the console. We tried installing the service, but the service fails to start. "Some services stop automatically if they are not in use by other services or programs." Suggestions? Thanks Ron
Unlock or reset password generate 2 verification codes or secure link via email
When using the latest version 5.3.5325, if I unlock account or reset password using email verification or sms verification, it will send out 2 emails or 2 sms. Only 1 of the verification code is valid while the other already expired. Why does it generate 2 verification codes or secure link? This happen only when using Internet Explorer 11 to do the account unlock or password reset. For Chrome and Firefox, it is OK with only 1 email notification.
How to change sample Name
Hi, May I change screen sample name in ADSelf Service
How to change answers to security questions?
Can users change answers to their own security questions?
Did you know - How to configure custom SMS provider in ADSelfService Plus?
ADSelfService Plus lets you use any one of the following methods to send an SMS: GSM modem Clickatell (built-in support) Custom SMS gateway Configuring custom SMS gateway: You can configure a custom SMS gateway to send notifications and verification codes via SMS. ADSelfService Plus also extends support to both HTTP and SMTP-based SMS gateways. HTTP-based SMS gateway: Login to ADSelfService Plus with administrator credentials. Navigate to Admin-> Product Settings -> Server Settings. Select SMS Settings
GINA
Good morning, I am trying to test GINA access to ADSSP. I have tried installing it on 3 different machines, and cannot see it in the logon screen. Am I missing a step? I've copied the ADSelfServicePlusClientSoftware.msi file to the OS and installed it, with no errors. Still I'm not seeing anything. Thanks.
Next Page