Troubleshooting Common Errors | ManageEngine ADSelfService Plus

Troubleshooting Guide for Common Errors in ADSelfService Plus End User Portal

Permission denied. Please contact your administrator.

Cause: There are two reasons why this error could occur:
  1. End users trying to access any of the self-service features in ADSelfService Plus such as password reset or directory self-update need to be included in a self-service policy that provides access to those features. If they are not, they will get this error.
  2. Since ADSelfService Plus supports the creation of multiple self-service policies, a user may belong to two self-service policies, one of which doesn't provide permission to access the self-service features. In this case, the policy which provides the user access to the self-service feature must be given top priority.
Solution: Configure a self-service policy to include the user. Follow the steps below:
  1. Log in to the ADSelfService Plus admin portal.
  2. Go to Configuration > Self-Service > Policy Configuration.
  3. You can either create a new policy or edit an existing policy.
  4. Select the features you want to enable.
  5. Click the Select OUs/Groups button and select the OU or group the user is part of.
  6. Click OK and then Save Policy.
  7. To prioritize the policy, click the double arrow icon [] next to the Add New Policy button and reorder the policy as per your requirement.

Access denied for account unlock. Please contact your administrator.

Cause: When you add an Active Directory (AD) domain in ADSelfService Plus, you should provide an account that has Domain Admin privilege to carry out the self-service operations such as password reset and account unlock. If you haven’t configured an account or the account doesn’t have Domain Admin privilege, these errors will occur.

Solution: Configure the AD domain with Domain Admin privileges. Follow the steps below.
  1. Log in to the ADSelfService Plus admin portal.
  2. Click on Domain Settings in the top-right corner.
  3. Select the AD domain for which the users get this error and click the Edit icon under the Actions column.
  4. Select the Authentication checkbox.
  5. Enter the Domain Username and Password of an account that has Domain Admin privileges.
  6. Click Save.

Access denied due to insufficient license. Please contact your administrator.

Cause: This error will occur if you have exhausted the ADSelfService Plus license and a user who hasn’t been assigned a license tries to access the product.

Solution: Make sure you have enough free licenses for all the users in your organization. You can upgrade your license with more seats by contacting To check for prices, visit our online store.

You can also use the License Management > Restrict Users option under the Admin tab to manually or automatically restrict users, such as inactive and disabled users, to reclaim the licenses assigned to them and assign it to other users who need them.
To learn more, refer our detailed guide on license management.

Service account configured in this application has expired. Please contact your administrator.

Cause: The service account configured under the Domain settings might be locked out or its password might have expired.

Solution: Change the password of the service account, unlock it, or configure a new account with Domain Admin privilege for the AD domain under Domain Settings. To modify the domain settings:
  1. Log in to the ADSelfService Plus admin portal.
  2. Click on Domain Settings in the top-right corner.
  3. Select the AD domain for which the users get this error and click the Edit icon under the Actions column.

No such user account configured. Please try with different username/domain.

Cause: Since multiple Active Directory domains can be configured in a single ADSelfService Plus instance, the user might have selected the wrong domain in the login screen.

Solution: Make sure the user selects the correct domain in the login screen.

Unable to login. Multiple user accounts are mapped for the same login attribute. Please contact your administrator.

Cause: ADSelfService Plus can be configured to allow users to login using any unique AD attribute such as mobile and mail in place of sAMAccountName. This error appears when two or more users have the same value for the chosen login attribute.

Solution: Make sure the attribute you have configured can have only unique value for each user. You can configure unique attributes for login by following the steps below:
  1. Log in to the ADSelfService Plus admin portal.
  2. Go to Admin > Customize > Logon Settings.
  3. Under the General tab, click on the Select attribute list link next to Enable other unique attributes to log in to the product.
  4. Select attributes that can have only unique values for each user.

      New to ADSelfService Plus?


            • Related Articles

            • Excluding ADSelfService Plus from antivirus software

              Antivirus software plays a huge role in securing an organization's IT environment. Some antivirus software might not trust third-party applications, like ADSelfService Plus, and flag them as threats, which can impede how the product works. To prevent ...
            • How to integrate ServiceDesk Plus with ADSelfService Plus?

              Description: By integrating ServiceDesk Plus and ADSelfService Plus, you get to: Automate ticket creation in ServiceDesk Plus for every self-service operation performed by end users using ADSelfService Plus. This empowers help desk technicians to ...
            • How to install P7B certificate in ADSelfService Plus?

              Summary This article will guide you through the process of applying a single-domain certificate (CER, CRT, P7B, etc.) in ADSelfService Plus. Configuration steps Step 1: Enable HTTPS in ADSelfService Plus Log in to ADSelfService Plus with admin ...
            • How to prevent concurrent logins for a user in ADSelfService Plus

              Solution Concurrent logins can lead to the use of valid credentials by illegitimate personnel at the same time as the legitimate user to authenticate to the network. This could lead to multiple security issues within the organization like misuse of ...
            • Updating the ADSelfService Plus Login Agent in Windows

              The ADSelfService Plus Login Agent can be installed on machines running Windows manually, through the ADSelfService Plus admin portal, via GPOs, SCCM, and tools like Endpoint Central. You can update the Windows Login Agent in the following ways: Via ...