Troubleshooting Common Errors | ManageEngine ADSelfService Plus

Troubleshooting Guide for Common Errors in ADSelfService Plus End User Portal

Permission denied. Please contact your administrator.

Cause: There are two reasons why this error could occur:
  1. End users trying to access any of the self-service features in ADSelfService Plus such as password reset or directory self-update need to be included in a self-service policy that provides access to those features. If they are not, they will get this error.
  2. Since ADSelfService Plus supports the creation of multiple self-service policies, a user may belong to two self-service policies, one of which doesn't provide permission to access the self-service features. In this case, the policy which provides the user access to the self-service feature must be given top priority.
Solution: Configure a self-service policy to include the user. Follow the steps below:
  1. Log in to the ADSelfService Plus admin portal.
  2. Go to Configuration > Self-Service > Policy Configuration.
  3. You can either create a new policy or edit an existing policy.
  4. Select the features you want to enable.
  5. Click the Select OUs/Groups button and select the OU or group the user is part of.
  6. Click OK and then Save Policy.
  7. To prioritize the policy, click the double arrow icon [] next to the Add New Policy button and reorder the policy as per your requirement.

Access denied for account unlock. Please contact your administrator.

Cause: When you add an Active Directory (AD) domain in ADSelfService Plus, you should provide an account that has Domain Admin privilege to carry out the self-service operations such as password reset and account unlock. If you haven’t configured an account or the account doesn’t have Domain Admin privilege, these errors will occur.

Solution: Configure the AD domain with Domain Admin privileges. Follow the steps below.
  1. Log in to the ADSelfService Plus admin portal.
  2. Click on Domain Settings in the top-right corner.
  3. Select the AD domain for which the users get this error and click the Edit icon under the Actions column.
  4. Select the Authentication checkbox.
  5. Enter the Domain Username and Password of an account that has Domain Admin privileges.
  6. Click Save.

Access denied due to insufficient license. Please contact your administrator.

Cause: This error will occur if you have exhausted the ADSelfService Plus license and a user who hasn’t been assigned a license tries to access the product.

Solution: Make sure you have enough free licenses for all the users in your organization. You can upgrade your license with more seats by contacting To check for prices, visit our online store.

You can also use the License Management > Restrict Users option under the Admin tab to manually or automatically restrict users, such as inactive and disabled users, to reclaim the licenses assigned to them and assign it to other users who need them.
To learn more, refer our detailed guide on license management.

Service account configured in this application has expired. Please contact your administrator.

Cause: The service account configured under the Domain settings might be locked out or its password might have expired.

Solution: Change the password of the service account, unlock it, or configure a new account with Domain Admin privilege for the AD domain under Domain Settings. To modify the domain settings:
  1. Log in to the ADSelfService Plus admin portal.
  2. Click on Domain Settings in the top-right corner.
  3. Select the AD domain for which the users get this error and click the Edit icon under the Actions column.

No such user account configured. Please try with different username/domain.

Cause: Since multiple Active Directory domains can be configured in a single ADSelfService Plus instance, the user might have selected the wrong domain in the login screen.

Solution: Make sure the user selects the correct domain in the login screen.

Unable to login. Multiple user accounts are mapped for the same login attribute. Please contact your administrator.

Cause: ADSelfService Plus can be configured to allow users to login using any unique AD attribute such as mobile and mail in place of sAMAccountName. This error appears when two or more users have the same value for the chosen login attribute.

Solution: Make sure the attribute you have configured can have only unique value for each user. You can configure unique attributes for login by following the steps below:
  1. Log in to the ADSelfService Plus admin portal.
  2. Go to Admin > Customize > Logon Settings.
  3. Under the General tab, click on the Select attribute list link next to Enable other unique attributes to log in to the product.
  4. Select attributes that can have only unique values for each user.

        New to ADManager Plus?

          New to ADSelfService Plus?

            • Related Articles

            • ADSelfService Plus product startup issues

              What do you need to know before troubleshooting You need to have administrator access to ADSelfService Plus. When you experience an error with ADSelfService Plus, check if these prerequisites are satisfied: Install ADSelfService Plus as a service ...
            • Sequential ADSelfService Plus Windows agent login installation process

              This article highlights the process sequence for the ADSelfService Plus Windows login agent installation via the admin portal and the prerequisites to be addressed to successfully complete each step. Additionally, we're also discussing some common ...
            • Excluding ADSelfService Plus from antivirus software

              Antivirus software plays a huge role in securing an organization's IT environment. Some antivirus software might not trust third-party applications, like ADSelfService Plus, and flag them as threats, which can impede how the product works. To prevent ...
            • How to enable offline MFA in ADSelfService Plus

              ADSelfService Plus supports offline MFA for Windows machine logins, User Account Control (UAC) prompt elevation, and RDP server authentication when the product server is unreachable. Windows machines can be secured by MFA in two ways: Online MFA: The ...
            • How to integrate ServiceDesk Plus with ADSelfService Plus?

              Description: By integrating ManageEngine ServiceDesk Plus and ADSelfService Plus, you get to: Automate ticket creation in ServiceDesk Plus for every self-service operation performed by end users using ADSelfService Plus. This empowers help desk ...