Chat now with support
Chat with Support

Password Manager 5.10.1 - How-to Guide

Overview Licensing Upgrading Secure Password Extension Password Policy Manager Configuration Reinitialization Reports Starling 2FA Customizations Troubleshooting

Common Issues

Common issues for the SPE client include network restrictions such as load balancers, proxy servers and Certificate Authorities. If the SPE is restricted by any of these then the Password Manager server cannot be contacted and the user will receive an error.

New GPO options for Proxy Settings

GPO options for Proxy Settings

The following Proxy options can be set using the included ADM template found in the installation media under Password Manager\Setup\Administrative Template:

 

Table 8:

Proxy settings

Proxy Options

Description

Enable proxy server access

This policy setting determines whether connections to the Self-Service from the Windows logon screen are established through the specified proxy server.

Enable proxy server access

Specifies the settings required to enable proxy server access to the Self-Service site from the Windows logon screen.

Configure optional proxy settings

Specifies optional settings for the proxy server access.

Workarounds

As previously noted, common issues include conflicts with proxy servers, load balancers and firewalls.

If the SPE cannot communicate with the Self-Service site, try the following:

  1. Logon to the workstation and confirm that the Self-Service URL that is published on the desktop (shortcut) works
  2. Make note of the URL that is set in the browser address bar
  3. Logon to the Password Manager Admin site and under General Settings | Realm Instances ensure the URL is the same.

    If the URL is incorrect in the Admin site:

    • Update the setting on the Realm Instances page to the correct desired URL

    If the URL is correct in the Admin site:

    • Check in Active Directory under System\One Identity for any Service Connection Points. You can either use ADSIEdit or Active Directory Users and Computers MMC Snap-Ins.

Any stale or invalid Service Connections Points available, must be deleted.

In order to determine whether or not the Service Connection Points are valid, you will have to right-click and select Properties on the object and click Attribute Editor. Look for keywords and then click Edit. Look for the entries called CONFIGURATION.SERVER_URLS, CONFIGURATION.TIME_STAMP and also VERSION.ProductVersion.

Example:

Figure 2:  

  1. If the URLs and Service Connection Point objects are correct, check proxy settings.

    Check with your internal team that is responsible for the proxy server configuration to confirm whether or not anonymous access is allowed.

    If it is not allowed, try setting the following options in a GPO using the Password Manager Administrative template:

    Proxy server: i.e. http://proxy.dc.domain.com:8080

    Or

    Proxy server configuration script: http://proxy.dc.domain.com/proxy.pac

  2. Confirm the Network Load Balancer has the correct server IP addresses configured.

    Check with your internal team that is responsible for the Network Load Balancer to ensure it has the correct IP addresses for all Password Manager servers using the Self-Service URL.

Offline Password Reset

The Offline Password Reset utility allows resetting passwords when users have forgotten their current passwords and their computers are not connected to the Intranet (Active Directory is not available).

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating