When attempting to reset a users password with the password reset web portal or the "SOS" button in the Advanced Logon GINA: The user see's the following error message:
Web portal:
"Password reset server is not available now"
GINA:
"The server is unreachable"
This is usually an AD permissions issue.
It could also be that the password reset server is not available or not functioning
There are a number of configuration points to check:
Check that the password reset server FQDN is specified in the Access Point profile:
Click the "Emergency Access" tab and check the correct reset password servers are listed here. These should be in FQDN form, such as:
dc1.quest.local
Check that password resets are enabled for the user in the User profile:
Click the "Emergency Access" tab and configure the questions.
Check that the user specified for password resets is in the correct form of "DOMAIN\username":
Open the server configuration tool from the CD:
TOOLS\WGSrvConfig\TOOLS\WGSrvConfig
Select: "Define administrator credentials for Reset Password"
Enter the username and password for this user.
Check that the password reset user has been "delegated" rights in AD to reset a users password.
Check that the user or group specified for "Technical Account" has been granted permission in AD:
Open the server configuration tool from the CD:
TOOLS\WGSrvConfig\TOOLS\WGSrvConfig
Select: "Extend Active Directory Schema"
Run through the Wizard to re-apply the ACL's for you service account user.
If password resets are still failing then it is advised that you turn on debugging (aka: tracing), and open a support case with Quest Support.
To enable trace debugging on the password reset module:
Create the following registry key:
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\ResetPassword\
Name: Tracedir
Type: String Value
Contents: The directory where you wish the logs to be created. For example:
c:\logs
Ensure the directory is pre-created, then restart the Apache web service.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center