This article highlights the process sequence for the ADSelfService Plus Windows login agent installation via the admin portal and the prerequisites to be addressed to successfully complete each step. Additionally, we're also discussing some common error messages and how to fix them.
Process flow for Windows login agent deployment from the ADSelfService Plus admin portal
Prerequisites:
Before deploying the login agent, ensure ADSelfService Plus is running in application mode.
The credentials provided during domain configuration must belongs to a service account that is a part of the Active Directory Domain Admins group.
Step 1) The ADSelfServicePlusClientSoftware.msi file gets copied over to the target machine under the admin$ share
- The service account used for domain configuration in ADSelfService Plus must be a Domain Admin to access the admin$ share of the target user machine.
- The admin$ share should be accessible over the network.
Step 2) Remote installation. The copied file then gets executed remotely using RemCom.exe, PAExec.exe, or WMI
The above applications should not be restricted by any antivirus services to be executed properly.
Step 3) The login agent's properties are updated after the installation is completed
- The Windows Remote Registry service must be running on the target user machine.
- The service account used for domain configuration in ADSelfService Plus must be a Domain Admin to have update permissions for Windows Registry settings on the target machine.
How to configure a domain using service account with Domain Admin permissions in ADSelfService Plus
In order to deploy the Windows login agent, the service account updated in our application must belong to the Domain Admins Active Directory group. Please follow the steps provided below to update the service account in the ADSelfService Plus application:.
Log into the ADSelfService Plus admin portal. Click Domain Settings on the top-right corner.
Under the Actions column, click the Edit Domain Details icon. The Edit Domain Settings page will open.
Here, select the Authentication checkbox, and add or update the preferred service account's credentials as the Domain Username and Domain Password.
When running as ADSelfService Plus as a service, follow the below steps as well
1. Log into a Domain Admin account Go to Start > Run > Services.
2. In the Services application that opens, browse to ManageEngine ADSelfService Plus. Right-click, and select Properties from the drop-down that appears.
3. In the Properties window that opens, go to the Log On tab. Under Log on as, select This Account, browse and update the service account's credentials.
Common errors that hinder the Windows login agent installation sequence
- Access to admin$ of the client computer is not available
In the machine where ADSelfService Plus is installed, select Start > Run, and type \\<client ComputerName>\admin$. If you get the same error, enable Remote Administration exception on the client computers as below:
- From the client computer, select Start > Run and type gpedit.msc and press Enter.
- Expand the Administrative Templates > Network Connections > Windows Firewall.
- Click the Domain Profile and double-click the Firewall: Allow remote administration exception.
- Select Enabled and click OK.
- Windows Remote Registry Services are not enabled
To enable Remote Registry Services:
- Open Services.
- Find the Remote Registry service.
- Verify that it runs on System Startup.
- Antivirus software blocks the login agent installation
Please disable any antivirus or firewall on the client and server then try to reinstall the Windows login agent. The RemCom.exe file is used to install the client software remotely to the machines. Please exclude the installation directory of ManageEngine ADSelfService Plus in antivirus software so that the RemCom.exe file is not blocked from accessing the ADSelfService Plus server.