Common issues for the SPE client include network restrictions such as load balancers, proxy servers and Certificate Authorities. If the SPE is restricted by any of these then the Password Manager server cannot be contacted and the user will receive an error.
GPO options for Proxy Settings
The following Proxy options can be set using the included ADM template found in the installation media under Password Manager\Setup\Administrative Template:
Enable proxy server access
This policy setting determines whether connections to the Self-Service from the Windows logon screen are established through the specified proxy server.
Enable proxy server access
Specifies the settings required to enable proxy server access to the Self-Service site from the Windows logon screen.
Configure optional proxy settings
Specifies optional settings for the proxy server access.
As previously noted, common issues include conflicts with proxy servers, load balancers and firewalls.
If the SPE cannot communicate with the Self-Service site, try the following:
- Log on to the workstation and confirm that the Self-Service URL that is published on the desktop (shortcut) works
- Make note of the URL that is set in the browser address bar
- Log on to the Password Manager Admin site and under General Settings | Realm Instances ensure the URL is the same.
If the URL is incorrect in the Admin site:
- Update the setting on the Realm Instances page to the correct desired URL
If the URL is correct in the Admin site:
- Check in Active Directory under System\One Identity for any Service Connection Points. You can either use ADSIEdit or Active Directory Users and Computers MMC Snap-Ins.
Any stale or invalid Service Connection Points must be deleted.
To determine whether a Service Connection Point is valid, right-click the object, select Properties and click Attribute Editor. Locate the keywords attribute and click Edit. Look for the entries called CONFIGURATION.SERVER_URLS, CONFIGURATION.TIME_STAMP and VERSION.ProductVersion.
- If the URLs and Service Connection Point objects are correct, check proxy settings.
Check with your internal team that is responsible for the proxy server configuration to confirm whether or not anonymous access is allowed.
If it is not allowed, try setting the following options in a GPO using the Password Manager Administrative template:
Proxy server: e.g. http://proxy.dc.domain.com:8080
Proxy server configuration script: http://proxy.dc.domain.com/proxy.pac
- Confirm the Network Load Balancer has the correct server IP addresses configured.
Check with your internal team that is responsible for the Network Load Balancer to ensure it has the correct IP addresses for all Password Manager servers using the Self-Service URL.
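The Service Connection Point check described above can also be done as a read-only script instead of clicking through each object. This is an added example, not code from One Identity. It assumes that each object exposes a multi-valued keywords attribute whose entries contain the names listed above, that the System\One Identity container maps to CN=One Identity,CN=System in the domain, and it uses a placeholder URL (https://pm.example.com/selfservice).

```powershell
# Added example: read-only audit of Service Connection Point (SCP) keywords.
# Test-ScpKeywords is a hypothetical helper name; nothing here modifies or deletes objects.
function Test-ScpKeywords {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Scp,
        [Parameter(Mandatory)] [string] $ExpectedUrl
    )
    process {
        $kw = @($Scp.keywords)
        # Pick out the three entries the article says to inspect.
        $urls  = $kw | Where-Object { $_ -like '*CONFIGURATION.SERVER_URLS*' }
        $stamp = $kw | Where-Object { $_ -like '*CONFIGURATION.TIME_STAMP*' }
        $ver   = $kw | Where-Object { $_ -like '*VERSION.ProductVersion*' }
        # Extract any http(s) URLs from the SERVER_URLS entry, whatever the delimiter is.
        $found = @([regex]::Matches(($urls -join ' '), 'https?://[^\s;,|]+') |
                   ForEach-Object { $_.Value.TrimEnd('/') })
        [pscustomobject]@{
            Name       = $Scp.Name
            ServerUrls = $found -join ', '
            TimeStamp  = $stamp -join ' '
            Version    = $ver -join ' '
            # False means the SCP does not advertise the URL set under Realm Instances.
            UrlMatches = $found -contains $ExpectedUrl.TrimEnd('/')
        }
    }
}

# Constructed sample objects (value layout is illustrative, not from a real directory).
$sample = @(
    [pscustomobject]@{ Name = 'scp-current'; keywords = @(
        'CONFIGURATION.SERVER_URLS=https://pm.example.com/selfservice',
        'CONFIGURATION.TIME_STAMP=<timestamp>', 'VERSION.ProductVersion=<version>') },
    [pscustomobject]@{ Name = 'scp-stale'; keywords = @(
        'CONFIGURATION.SERVER_URLS=https://oldpm.example.com/selfservice',
        'CONFIGURATION.TIME_STAMP=<timestamp>', 'VERSION.ProductVersion=<version>') }
)
$sample | Test-ScpKeywords -ExpectedUrl 'https://pm.example.com/selfservice' |
    Format-Table -AutoSize

# Live query (requires the ActiveDirectory module; container DN is an assumption):
# $base = "CN=One Identity,CN=System,$((Get-ADDomain).DistinguishedName)"
# Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=serviceConnectionPoint)' `
#     -Properties keywords |
#     Test-ScpKeywords -ExpectedUrl 'https://pm.example.com/selfservice'
```

Objects reported with UrlMatches set to False are the candidates to review in the Attribute Editor before deciding whether they are stale.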
The Offline Password Reset utility allows resetting passwords when users have forgotten their current passwords and their computers are not connected to the Intranet (Active Directory is not available).