Troubleshooting the GINA login agent installation

The following errors may arise during the installation of the GINA login agent, follow the solutions provided to resolve them:

  1. 'Remcom.exe' is not recognized as an internal or external command, operable program or batch file.

    This error occurs if the Remcom.exe file, which is used to install the login agent in remote machines, has been flagged and deleted by the antivirus software. To resolve this issue:

    • Check if the Remcom.exe file exists in the bin folder of ADSelfService Plus Installation directory (C:\ManageEngine\ADSelfService Plus\bin).
    • If not, check if your antivirus software has removed the file. Configure your antivirus software to trust the Remcom.exe file.
  2. Could not Install Client Software

    This error occurs because of a network timeout while installing the client software. Make sure the network connection is re-established and try to install the software again.

  3. Initiating Connection to Remote Service Failed

    This error could occur if the target computer could not be contacted. To prevent this:

    • Ensure if such a computer really exists. If so, ensure whether it is connected to the network.
    • To check for connectivity, ping this computer from the server where ADSelfService Plus is installed.
    • Make sure Remote Registry service is running in the client machine.
  4. Couldn't connect to the machine, ADMIN$.Access is denied

    This error may occur because admin share has not been enabled in the client computer. To resolve this issue:

    • Configure Domain Settings (when run as console) or the Logon Tab (when run as service) with a different user account that has Domain Admin privileges.
    • Enable admin share:
      • In the client computer, go to Start > Run and type gpedit.msc and hit Enter.
      • Expand the Administrative Templates > Network > Network Connections > Windows Firewall.
      • Click Domain Profile and double click Windows Firewall: Allow inbound remote administration exception.
      • Select Enabled and click OK.
  5. Logon Failure: The target account name is incorrect.

    This error message can occur if two computers have the same computer name. One computer is located in the child domain; the other computer is located in the parent domain.

  6. Logon failure: unknown user name or bad password.

    This error message occurs when admin share might not be enabled in the client computer. To resolve this issue:

    • Configure Domain Settings (when run as console) or the Logon Tab (when run as service) with a different user account that has Domain Admin privileges.
    • Enable admin share:
      • In the client computer, go to Start > Run and type gpedit.msc and hit Enter.
      • Expand the Administrative Templates > Network > Network Connections > Windows Firewall.
      • Click Domain Profile and double click Windows Firewall: Allow inbound remote administration exception.
      • Select Enabled and click OK.
  7. Couldn't Start Remote Service. Overlapped I/O operation is in progress.

    The Remote service couldn't be started either because the copy was blocked by antivirus or because the service couldn't be started automatically. To prevent this:

    • In the client machine, go to the Services tab and check whether the Remote Registry and Server services have started. If not, enable these services.
  8. Another version of this product is already installed.

    This error occurs when another version of this login agent is already installed in the remote machine. To prevent this, uninstall the existing client software from this machine.

  9. Another installation is already in progress.

    This error occurs when another installation is already in progress. To prevent this, try to install the client software after a few minutes.

  10. Could not connect to the machine.

    This error could occur if the target computer could not be contacted. To prevent this:

    • Ensure if such a computer really exists.
    • If so, ensure it is connected to the network.
    • To check for connectivity, ping this computer only from the server where ADSelfService Plus is installed.
  11. Network path not found/Invalid Credential.

    This error could occur if the target computer could not be contacted. To prevent this:

    • Configure Domain Settings (when run as console) or the Logon Tab (when run as service) with a different user account that has Domain Admin privileges.
    • Enable admin share:
      • In the client computer, go to Start > Run and type gpedit.msc and hit Enter.
      • Expand the Administrative Templates > Network > Network Connections > Windows Firewall.
      • Click Domain Profile and double click Windows Firewall: Allow inbound remote administration exception.
      • Select Enabled and click OK.
  12. Couldn't copy ADSelfServicePlusClientSoftware.msi

    This error occurs because the ADSelfService Plus server has insufficient privileges to access the client machine. To prevent this:

    • Configure Domain Settings (when run as console) or the Logon Tab (when run as service) with a different user account that has Domain Admin privileges.
    • Enable admin share:
      • In the client computer, go to Start > Run and type gpedit.msc and hit Enter.
      • Expand the Administrative Templates > Network > Network Connections > Windows Firewall.
      • Click Domain Profile and double click Windows Firewall: Allow inbound remote administration exception.
      • Select Enabled and click OK.
  13. Multiple connections to a server or shared resource by the same user.

    This error occurs when other applications or processes are using the same user account used by ADSelfService Plus to try and connect to the remote machine in which the login agent is to be installed. To resolve this issue:

    • Disconnect all previous connections to the server or shared resource and try again.
    • Configure Domain Settings (when run as console) or the Logon Tab (when run as service) with a different user account that has Domain Admin privileges.
  14. Error in security-core.js. The user will encounter a pop-up that displays the script error message.

    Probable causes:

    • Cookies are not enabled in Internet Explorer for the system account.
    • The ADSelfService Plus product URL is not added as a trusted site in Internet Explorer.

    Solution:

    • Follow the steps here to enable cookies.
    • Follow the steps here to add the ADSelfService Plus product URL to the list of trusted sites in Internet Explorer.
  15. A blank screen appears when the user tries to authenticate using Windows MFA or perform a self-service action such as password reset or account unlock.

    Probable cause: Cookies are not enabled in Internet Explorer on the user's system.

    Solution: Follow the steps here to enable cookies in Internet Explorer.

  16. A blank screen appears during the endpoint MFA process.

    Probable cause: The ADSelfService Plus product URL is not added as a trusted site in Internet Explorer.

    Solution: Follow the steps here to add the ADSelfService Plus URL to the list of trusted sites in Internet Explorer.

  17. When a user tries to log in to their machine, there is a delay in the loading of the GINA component.

    Probable cause: The user is using a self-signed certificate.

    Solution: Disable certification revocation, or the act of invalidating a TLS/SSL certificate before its scheduled expiration date. There are two ways to do this.

    Method 1: Adding registry values

    • Open the Run dialog box by pressing Windows + R on the machine where you have the GINA loading issue.
    • Type regedit in the Run dialog box and open the Registry Editor.
    • Navigate to Computer\HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
    • Right-click Internet Settings and select New → DWORD.
    • Enter the registry value name as CertificateRevocation. Right-click this new registry value and select Modify. In the Edit Dword Value dialog box that appears, enter the value data as 0.

    Adding registry value

    Method 2: Changing settings in Internet Explorer

    • Download PsTools on the machine facing the issue.
    • Press Windows + R to open the Run dialog box, and type cmd to open the Command Prompt.
    • Type in the command psexec.exe -s -i "C:\Program Files (x86)\Internet Explorer\iexplore.exe.".
    • The browser will open. Now go to Settings and select Internet options.
    • Changing settings in Internet Explorer

    • In the Internet Options window, go to the Advanced tab and scroll down to the Security group in the list of Settings.
    • Uncheck the checkboxes next to Check for publisher's certificate revocation and Check for server certificate revocation.
    • Changing settings in Internet Explorer

    • Click OK to close the window.
  18. Solution: Enabling cookies in Internet Explorer on the user's system

    Verify if cookies are enabled in Internet Explorer on the user's system. If they’re not, enable cookies by following the steps below:

    1. Download PsTools on the machine facing the issue.
    2. Open the Command Prompt and run the command psexec.exe -s -i "C:\Program Files (x86)\Internet Explorer\iexplore.exe.".
    3. Internet Explorer will open. (Note: Internet Explorer is the only browser that opens for GINA-related errors in Windows, irrespective of other browsers installed on the user's system.)
    4. Go to Settings and select Internet options.
    5. Enabling cookies in Internet Explorer

    6. In the Internet Options window, go to the Privacy tab. Under Settings, select the Advanced button.
    7. In the Advanced Privacy Settings window, select the Accept radio button under both First-party Cookies and Third-party Cookies.
    8. Enabling cookies in Internet Explorer

    9. Select OK and close the Advanced Privacy Settings window.
    10. Click Sites under Settings in the Internet Options window.
    11. In the Per Site Privacy Actions window that opens, enter the ADSelfService Plus product URL in the Address of website field and click Allow.
    12. Enabling cookies in Internet Explorer

    13. Press OK to close the Per Site Privacy Actions and Internet Options windows.

    Solution: Adding the ADSelfService Plus URL to intranet/trusted sites

    1. Download PsTools on the machine facing the issue.
    2. Open the Command Prompt and run the command psexec.exe -s -i "C:\Program Files (x86)\Internet Explorer\iexplore.exe.".
    3. The browser will open. Now go to Settings and select Internet options.
    4. Enabling cookies in Internet Explorer

    5. In the Internet Options window, go to the Security tab and select Trusted sites in the Select a zone to view or change security settings field.
    6. Enabling cookies in Internet Explorer

    7. Click Sites below the Select a zone to view or change security settings field to open the Trusted sites window.
    8. Enabling cookies in Internet Explorer

    9. In the Trusted sites window, type in the URL of the ADSelfService Plus application in the Add this website to the zone field, then click Add.
    10. These steps should ensure that there are no further GINA loading issues.

Go to Top

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
  •  
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2021, ZOHO Corp. All Rights Reserved.