Currently, the Password Policy Manager (PPM) component does not support Local Security Authority (LSA) protection. |
295089 |
When User Principal Name (UPN) is used as service account, installing a Password Manager hotfix can lock the service account.
Workaround
To solve the problem:
-
Change the service account to the domainname\username format.
-
Provide a password for the same service account user.
-
Install the Password Manager hotfix. |
255614 |
Following a Password Manager upgrade, the General > Settings > Scheduled Tasks > Active Directory Sites task is disabled.
Workaround
After upgrading Password Manager to a newer version, enable the Active Directory Sites task manually. |
246147 |
When scheduled from the secondary instance of the Password Manager server, the General Settings > Unregister Users task does not run.
Workaround
Schedule the Unregister Users task on the primary instance of Password Manager. |
233679 |
If the application pool identity is a domain user with minimal permissions, then Web interface customization changes are not applied to the Self-Service and Helpdesk Sites. |
233658 |
In the General Settings > Instance Reinitalization page, the Corporate phone attribute is not imported from the primary instance to the secondary instance.
Workaround
Update the Corporate phone attribute manually on the secondary instance to have the same value as on the primary Password Manager instance. |
229200 |
If the Password Manager Self-Service Site contains an IPv6 address, the location-sensitive authentication (LSA) feature does not work.
Workaround
LSA currently supports IPv4 addresses only. Therefore, do not access the Password Manager Self-Service Site from an external network where the request contains an IPV6 address. |
221571 |
When configuring a dictionary rule in the Password Manager Administration Site, the Policy Rules > Dictionary Rule > Enable dictionary lookup to reject passwords that contain > Beginning characters of a dictionary word setting does not work correctly if you specify only 2 beginning characters.
Workaround
One Identity recommends using the A complete word from the dictionary (QPMDictionary.txt) setting when configuring a dictionary rule. |
221468 |
If no appropriate authentication methods are configured for it, the Forgot My Password screen may appear blank in the Password Manager Self-Service Site or Helpdesk Site.
Workaround
In the Password Manager Administration Site, One Identity recommends configuring the Register workflow with Security Questions as one of its registration modes. |
221389 |
When a symmetry rule is configured with the Policy Rules > Symmetry Rule setting of the Password Manager Administration Site, it may fail to validate passwords containing non-consecutive characters.
Workaround
Do not use the Policy Rules > Symmetry Rule > Maximum number of consecutive characters within a password, that read the same in both directions (pass4554word) setting. |
220177 |
In a Password Manager for AD LDS environment, if the User Scope is configured with an AD LDS account, the Forgot My Password and Manage My Passwords workflows will fail.
Workaround
When configuring a User Scope, do not use The following AD LDS account setting of the Access account > Edit AD LDS Instance Connection dialog. |
220171 |
When a Questions and Answers Policy is updated with any language other than English, users may receive both the default and the custom email notifications on the Password Manager Self-Service Site.
Workaround
For the Email user if workflow succeeds workflow, change the value of the Select email template to use setting to Customize. |
219401 |
When searching users with reCAPTCHA enabled, not entering reCAPTCHA for the second time results in a non-human readable error message.
Workaround
Always search for users with the correct username and with the reCAPTCHA check completed. |
217064 |
Upgrading Password Manager from version 5.6.3 to 5.9.x keeps the previous My Questions and Answers profile workflow.
Workaround
To solve the problem:
-
In the Password Manager Administration Site, navigate to the My Questions and Answers profile workflow.
-
Open Workflow Settings > Availability.
-
Set Enable the workflow to Never.
-
Select Show the workflow on the Self-Service site.
-
To apply your changes, click OK. |
215892 |
The User Status Statistics scheduled task may fail intermittently. |
171590 |
After upgrading to Password Manager 5.9.x, the My Notifications custom workflow cannot be edited in the Password Manager Self-Service Site.
Workaround
One Identity recommends to use the legacy Self-Service Site to edit the My Notifications workflow. |
171589 |
When using Password Manager for AD LDS, the Password Policies page of the Administration Site is not updated when a password policy is created.
Workaround
After a new Password Policy is created, click Save, and immediately cancel the Add New Policy wizard. The page will refresh and list the new policy. |
170587 |
After upgrading to Password Manager for AD LDS 5.9.x, the General Settings > Search and Logon Options menu may display an error when its settings are modified.
Workaround
To solve this problem:
-
In the Password Manager for AD LDS Helpdesk Site, navigate to General Settings > Search and Logon Options.
-
In the Users must enter the following user account attribute for identification setting, change the value from sAMAccountName to cn. |
170560 |
Domain users may not be able to access the Password Manager Administration Site, even if they are members of the local PMAdmin group.
Workaround
When using Password Manager 5.8.x or newer, domain users can access the Administration Site only if they are members of both the local PMAdmin group, and either the IIS_IUSRS group or the Administrators group. |
170441 |
In Password Manager for AD LDS, certain column data required for custom activities are not available in generated reports. |
170355 |
After upgrading Password Manager from an earlier version to 5.9.x, the upgrade process may create duplicate URL references for the Password Manager User Site.
Workaround
Manually delete URL shortcuts that are not required. |
169921 |
When a Password Manager for AD LDS instance and the Password Manager for AD LDS server instance are not configured on the same machine, Password Policy Rules are not displayed in the new and legacy Password Manager for AD LDS Self-Service Sites.
Workaround
Configure the Password Manager for AD LDS instance and the Password Manager for AD LDS server instance on the same machine. |
169763 |
The user search settings of the Password Manager for AD LDS Helpdesk Site may work incorrectly.
Workaround
To solve the problem:
-
In the Password Manager for AD LDS Helpdesk Site, navigate to General Settings > Search and Logon Options.
-
Use the cn attribute instead of mail to search for users. |
169384 |
When editing a Questions and Answers Policy, you may be unable to edit or delete translated questions.
Workaround
To edit existing translated questions, add another translated language. |
168957 |
The Password Manager Self-Service Site may not launch on Secure Password Extension (SPE) through a 32-bit operating system.
Workaround
If you have a 32-bit operating system, One Identity recommends to use the legacy Self-Service Site. |
167871 |
When a password is changed from the target Active Directory (AD) system to that of the source AD, One Identity Quick Connect may be unable to synchronize passwords.
Workaround
Restart the Quick Connect Capture Agent Service on all the source and target systems. |
167573 |
In Password Manager versions 5.8.2 and 5.9.x, you can only reconnect to a domain on the second attempt.
Workaround
To solve the problem:
-
In the Password Manager Administration Site, select the User Scope, Helpdesk Scope or Password Policy you want to configure.
-
Click Add domain connection twice to add a new domain connection. |
166950 |
In email notifications, the #OPERATOR_ACCOUNT_NAME#, #OPERATOR_IP#, #WORKFLOW_RESULT#, and #WORKFLOW_SUMMARY# parameters are not populated. |
141728 |
On Windows Server 2019, the Password Manager Service and One Identity rSMS Service may stop.
Workaround
To solve the problem, make sure that the domain controller machine and the clients are at two separate entities. |
127587 |
When editing a dictionary file between the size of 10–20 MB from a Password Policy, the web browser session may crash, and an error may appear in the Windows Event Viewer.
Workaround
If you must modify a dictionary file larger than 10 MB, edit it from the domain machine where Password Policy Manager (PPM) is installed. |
115957 |
When performing a password reset with the Password Manager Helpdesk Site, the site also accepts the previous/old password.
Workaround
Manually enter a different password during the short duration of the password reset. |
114822 |