Pricing  Get Quote
 
 

Knowledge Base

Self Service Password Management » Knowledge Base

Resolving slow performance or connection errors with the ADSelfService Plus login agent

In this article:

Issue description

Users may observe significant delays during the Windows login process or receive the error message Identity server is either unreachable or could not be securely reached after installing the ADSelfService Plus login agent. This issue typically occurs on machines where the login agent attempts to communicate with the ADSelfService Plus server over an SSL-secured connection.

Possible causes

The Local System account on the client machine is unable to access the Certificate Revocation List (CRL) URL over the internet—often due to firewall or proxy restrictions. This typically occurs when the SSL certificate for ADSelfService Plus is issued by a public Certificate Authority (CA), such as GoDaddy, Digicert, or Sectigo, but network policies prevent the client machine from reaching the CA's CRL URL required for certificate validation via the Online Certificate Status Protocol (OCSP).

Prerequisites

  • Administrative access to client machines.
  • Permissions to modify firewall or proxy settings.

Resolution

  1. On the client machine, open the ADSelfService Plus portal in a browser (e.g., https://adss.yourcompany.com:9251).
  2. Click the padlock icon in the address bar. Select View certificate and navigate to the Details tab in the Certificate pop-up.
  3. Select Authority Information Access and, in the section below, copy the URL value listed under Authority Info Access.
  4. Open Command Prompt as an administrator and run the Test-NetConnection command to verify connectivity to the copied URL.
  5. If you receive the result TcpTestSucceeded : False, then outbound access to the CRL URL is blocked.
  6. In the machine's firewall or Windows proxy/WinHTTP settings, create an allow rule for the identified CRL URL (e.g., http://crl.godaddy.com).

Validation and confirmation

Reboot the affected client machine and attempt to log in to the machine. The delay or error should be resolved, confirming successful SSL certificate validation.

How to reach support

If the issue persists, contact our support team here.

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  •  
  • Business Email *
  •  
  • Phone *
  •  
  • Problem Description *
  •  
  • Country
  •  
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.
Highlights of ADSelfService Plus

Password self-service

Allow Active Directory users to self-service their password resets and account unlock tasks, freeing them from lengthy help desk calls.

One identity with single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications using their Active Directory credentials.

Password and account expiry notification

Intimate Active Directory users of their impending password and account expiry via email and SMS notifications.

Password synchronization

Synchronize Windows Active Directory user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.

Password policy enforcer

Strong passwords resist various hacking threats. Enforce Active Directory users to adhere to compliant passwords by displaying password complexity requirements.

Directory self-update and corporate directory search

Enable Active Directory users to update their latest information themselves. Quick search features help admins scout for information using search keys like contact numbers.

« Home
Knowledge Base »

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust
Password management Adaptive MFA Enterprise SSO Self-service & security Related products