Troubleshooting Tips



 

Domain Settings

  1. When I start ADSelfService Plus, none of my domains are discovered. It says 'No Domain Configuration available'. Why?

  2. When I add my domains manually, the Domain Controllers are not resolved. Why?

  3. When I add the Domain Controller, I get the "The Servers are not operational" error. What does it mean?

  4. When I add the Domain Controller, I get the "Unable to get domain DNS / FLAT name" error. What does it mean?

  5. The status column in the domain settings says that the user does not have Admin Privilege?

1. When I start ADSelfService Plus, none of my domains are discovered. It says "No Domain Configuration available". Why?

 

ADSelfService Plus, upon starting, discovers the domains from the DNS Server associated with the machine running the product. If no domain details are available in that DNS Server, this message is displayed.

Questions

 

2. When I add my domains manually, the Domain Controllers are not resolved. Why?

 

This happens when the DNS associated with the machine running ADSelfService Plus does not contain the necessary information. In such cases, you must add the Domain Controllers manually.

Questions

 

3. When I add the Domain Controller, I get the "The Servers are not operational" error. What does it mean?

 

This could mean that either the specified Domain Controller is invalid or it could not be contacted because of network issues.

Questions

 

4. When I add the Domain Controller, I get the "Unable to get domain DNS / FLAT name" error. What does it mean?

 

This error could be due to any of the following reasons:

  1. The specified user name or the password is invalid.

  2. Anonymous login (when no user name and password is provided)

  3. When the IP Address of the Domain Controller is specified instead of its name.

Questions

5. The status column in the domain settings says that the user does not have Admin Privilege?

 

This is a warning message to indicate that the specified user does not have administrator privileges. That is, the user is not a member of Domain Admins Group. Hence permissions applicable to administrators may not be available to this user.

Questions

 

 

Active Directory Self Update

  1. Error Code - 80070005 / Error Code - 5 : Error In Setting Attributes, Access is denied

  2. While resetting user password, I get this error: "Error in setting the Password. The network path not found - Error Code: 80070035".

  3. While resetting user password, I get this error: "Error in setting the Password. There is a naming violation - Error Code: 80072037".

  4. While updating user information, I get this error: "The server is unwilling to process the request - Error Code: 80072035".

  5. While updating user information, I get this error: "Error In Setting Terminal service Properties. The specified user does not exist - Error Code: 525".

  6. I have updated the Exchange attributes using ADSelfService Plus, but the properties are not updated in the Exchange Server.

  7. I am not able to set the Terminal Services properties for the user.

  8. When I modify a user, I get this error: "A device attached to the system is not functioning - Error Code: 8007001f".

  9. Email address for user is not showing up or not set properly.

  10. Error-The server is unwilling to process the request while resetting password which not match the password complexity.

  11. Error code: 8007052e

  12. Error code: 80070775

  13. Error code: 800708c5

  14. No such user found. Verify the LDAP attribute in search query.

 

1. Error Code - 80070005 / Error Code - 5 : Error In Setting Attributes, Access is denied

 

Cause: User account does not have sufficient privileges.

Solution :

  1. Login to ADSelfService Plus with the 'admin' credential.

  2. Click the Domain Settings link found at the right top corner.

  3. Click the edit icon to Edit the Domain Details.

  4. Select the Authentication option, and enter a privileged 'Domain User Name' and 'Domain Password'.

  5. Save the Changes and continue with the operations

Questions

 

2. While resetting user password, I get this error: "Error in setting the Password. The network path not found - Error Code: 80070035".

 

This error occurs if the target machine could not be contacted while resetting the user password. This could happen when the DNS associated with the machine running ADSelfService Plus does not point to the Domain Controller where the user account is being created (possibly both are in different domains).

Questions

 

3. While resetting user password, I get this error: "Error in setting the Password. There is a naming violation - Error Code: 80072037".

 

One possible reason for this error is that the password could contain some special characters that are not allowed.

Questions

 

4. While updating user information, I get this error: "The server is unwilling to process the request - Error Code: 80072035".

 

One possible reason for this error is that, when the SAMAccountName format is modified for multiple users, more than one user could have the same SAMAccountName.

Questions

 

5. While updating user information, I get this error: "Error In Setting Terminal service Properties. The specified user does not exist - Error Code: 525".

 

One possible reason could be: the user or the system account using which the product runs does not have an account in the target domain. Terminal Service properties can be set only if the user account or the system account using which ADSelfService Plus runs (when it is run as a service) has an account on the target domain.

Questions

 

6. I have updated the Exchange attributes using ADSelfService Plus, but the properties are not updated in the Exchange Server.

 

ADSelfService Plus modifies the Exchange properties in the Active Directory. The changes may not reflect in the Exchange Server immediately, but it will certainly get updated after some time.

Questions

 

7. I am not able to set the Terminal Services properties for the user.

 

One possible reason could be: the user or the system account using which the product is run does not have an account in that domain.

 

Refer this section for starting ADSelfService Plus using a User or System account.

Questions

 

8. When I modify a user, I get this error: " A device attached to the system is not functioning - Error Code: 8007001f ".

 

The possible reason for this error could be: an unacceptable format is chosen for the naming attributes, while modifying a user. For example, if the format chosen for the Logon Name is LastName.FirstName.Initials, and if the user does not have any of the specified attributes, this error will occur.

Questions

 

9. Email address for user is not showing up or not set properly.

 

The possible reasons could be:

  1. Email may not be set as per the Recipient Policy; check whether all the ldap attributes in the recipient policy query are set to specific value.

  2. The email attribute might not have been specified properly for the user. For example, the domain might not have been specified while entering the value for the email attribute. That is, if the email address is xyz@company.com, '@company.com' might not have been entered.

Questions

 

10. Error-The server is unwilling to process the request while resetting password which not match the password complexity.

 

The possible reason could be: The password that you provided might not comply with the specified 'Password Complexity'.

 

Ex: The password complexity might have specified a specific length, characters that can be used or number of bad login attempts, etc. for the passwords. If the new passwords provided do not meet the specified complexity, it will result in this error.

Questions

 

11. Error code: 8007052e

 

Reason for this error: the credentials provided are invalid.

Questions

 

12. Error code: 80070775

 

Reason for this error: the referenced account is currently locked out and not logged on.

Questions

 

13. Error code: 800708c5

 

Reason for this error: the password does not meet the password policy requirements. Check whether the password provided meets the minimum password length, password complexity and password history requirements.

Questions

 

14. No such user found. Verify the LDAP attribute in search query.

 

Reason for this error: There are no matching users in the Active Directory for the criteria provided. Try choosing the correct matching attributes by checking the query provided in the "Match criteria for Users in AD"; this can be obtained by clicking the "Update in AD" button and expanding "Select Attributes".

Questions

 

 

Active Directory Change Password

 

When end users try to change password from the self-service portal, they get this error: Problem in changing password. Contact your administrator to troubleshoot.

 

Check if the following prerequisites are satisfied.


Checklist




Active Directory Reports

  1. When I specify the details and generate the report, it says "No Result available" or incomplete data.

  2. When I specify the details and generate the service accounts report, it says "No Permission to read".

  3. AD Reports shows an object that does not exist in the Active Directory.

 

1. When I specify the details and generate the report, it says "No Result available" or incomplete data.

 

The possible reasons could be:

  1. ADSelfService Plus could not contact the Domain Controller, either because it is not operational or due to network issues.

  2. In case of multiple Domain Controllers, the data might not be replicated in all the Domain Controllers.

  3. The LastLogonTime that is used to determine the inactive users and computers is not replicated in all the Domain Controllers. Hence, you must specify all the Domain Controllers in the Domain Settings of ADSelfService Plus to enable it to retrieve the data from all the Domain Controllers.

  4. When the password policy is not set (i.e., Max Password Age is set to zero), the Password Expired Users report and Soon to Expire User Passwords reports will not have any data.

Questions

2. When I specify the details and generate the service accounts report, it says "No Permission to read".

 

This occurs when there is no permission for the user account provided in ADSelfService Plus' domain settings to read the LSA policy object of the computers selected..

Questions

 

3. AD Reports shows an object that does not exist in the Active Directory.

 

This mismatch could occur if ADSelfService Plus' data is not synchronized with the Active Directory data. The data synchronization happens every day at 1:00 hrs. If ADSelfService Plus is not running at that time, you can initiate the data synchronization manually by clicking the icon located in the Actions column of the desired domain, in the Domain Settings.

Questions

 

Troubleshooting GINA

  1. I receive the error message: "Initiating Connection to Remote Service. Failed". Why?

  2. I receive the error message: "Network path not found/Invalid Credential". Why?

  3. I receive the error message: "The network path was not found". Why?.

  4. Couldn't copy the MSI file "ADSelfServicePlusClientSoftware.msi" to the client machine. Why?

  5. Couldn't connect to the Client Machine, ADMIN$. Access is denied.

  6. Logon Failure: The target account name is incorrect.

  7. Logon failure: unknown user name or bad password.

  8. Another installation is already in progress.

  9. Couldn't start remote service. Overlapped I/O operation is in progress.

 

1. I receive the error message: "Initiating Connection to Remote Service. Failed". Why?

 

This error could occur if the target computer could not be contacted.

 

2. I receive the error message: "Network path not found/Invalid Credential". Why?

 

This error could occur if the target computer could not be contacted.

 

3. I receive the error message: "The network path was not found". Why?

 

This error could occur if the target computer could not be contacted.

 

4. Couldn't copy the MSI file "ADSelfServicePlusClientSoftware.msi" to the client machine. Why?

 

Possible reason: Insufficient privileges to access the client machine.

Solution: Update the credentials provided in ADSelfService plus' "Domain Settings", if it is running as an application. If it is running as service, update the service account's credential from the "Logon" Tab by editing "Services.msc".

 

5. Couldn't connect to the Client Machine, ADMIN$. Access is denied.

 

Reason : Admin share might not be enabled.

 

Solution: Enable Admin share in the client computer and configure ADSelfService Plus domain settings using user credentials that has necessary permission to access the Admin share.

 

Step 1: Enable Admin Share

  1. From the client computer, go to Start --> Run and type gpedit.msc and hit enter

  2. Expand the Administrative Templates -> Network -> Network Connections -> Windows Firewall

  3. Click Domain Profile and double click Windows Firewall: Allow inbound remote administration exception

  4. Select Enabled and click OK

Step 2: Update the domain settings in ADSelfService Plus with a user account that has permission to access the Admin share.

  1. When ADSelfService Plus is running in console mode, update the credential provided under the "Domain Settings" of ADSelfService Plus.

  2. When ADSelfService Plus is running as a service, update service account's credentials from the "Logon" Tab editing the properties of "Services.msc".

 

6. Logon Failure: The target account name is incorrect.

 

This error could occur if two computers have the same computer name. One computer is located in the child domain; the other computer is located in the parent domain.

 

7. Logon failure: unknown user name or bad password.

 

Reason:Admin share might not be enabled.

Solution:Configure Domain Settings (when run as a console) / Logon Tab (when run as a service) by providing an account with the appropriate administrative credentials

 

8. Another installation is already in progress.

 

Solution : Try to install after a few minutes.

 

9. Couldn't start remote service. Overlapped I/O operation is in progress.

 

Solution : Try enabling "Remote registry" and "Server" service on the client machine.

 

Troubleshooting Mac Login Agent

  1. Connection timed out.

  2. Connection refused.

  3. Logon Failure: Unknown user name or bad password..

  4. Permission denied

 

1. Connection timed out.

 

2. Connection refused.

 

3. Logon Failure: Unknown user name or bad password

(or)

4. Permission denied.

 

Troubleshooting Push Notification

  1. ERROR_CODE:70050A,   ERROR_CODE:70060AA,   ERROR_CODE:70060AI,   ERROR_CODE:70050CF,   ERROR_CODE:70050ACF,   ERROR_CODE:70050ICF

  2. ERROR_CODE:70050PF,   ERROR_CODE:70050APF,   ERROR_CODE:70050IPF

 

1.ERROR_CODE:70060AA,   ERROR_CODE:70060AI,   ERROR_CODE:70050CF,   ERROR_CODE:70050ACF,   ERROR_CODE:70050ICF.

 

2. ERROR_CODE:70050A,    ERROR_CODE:70050PF,   ERROR_CODE:70050APF,   ERROR_CODE:70050IPF

This error will appear if you don't have the necessary ports and IP/Host addresses opened in your Firewall setup.

 

Troubleshooting SMS Server Settings and SSLHandshakeException

 

Description: This exception occurs when you configure a SMTP mail server or a web server with SSL in ADSelfService Plus, and the server uses a self-signed certificate. The Java Runtime Environment used in ADSelfService Plus will not trust self-signed certificates unless it is explicitly imported.

 

Solution: You need to import the self-signed certificates used by the server in the JRE package used by ADSelfService Plus. Follow the steps given below:

 

Step 1: Download the certificate

  1. For SMTP servers:

    Note: To download the certificate used by SMTP server, you must have OpenSSL installed. You can download it from here .

    • Open the command prompt and change to the bin folder in the OpenSSL installed location.
    • Now run the following command
    • openssl.exe s_client -connect SMTPServer:Portno -starttls smtp > certificatename.cer
    • For example, openssl.exe s_client -connect smtp.gmail.com:587 -starttls smtp > gmailcert.cer
  2. For Web Servers:

    • Open the web URL in a browser.
    • Click the padlock icon on the address bar.
    • Click More Information. This opens the Certificate Viewer window showing the certificate used by that web server.
    • Click View Certificate.
    • When the Certificate window showing Certificate Information Authority opens, click the Details tab.
    • Click Copy to File.
    • In the Certificate Export Wizard that opens, click Next.
    • Select the format as DRE encoded binary X.509 (.CER) and click Next.
    • Enter the path where you wish to save the file and click Finish.

Step 2: Import the certificates in JRE package of ADSelfService Plus

    • Open a command prompt and change to the \jre\bin folder. For example: C:\ManageEngine\ADSelfService Plus\jre\bin
    • Run the following command
    • Keytool -importcert -alias myprivateroot -keystore ..\lib\security\cacerts -file
    • For example: Keytool -importcert -alias myprivateroot -keystore ..\lib\security\cacerts -file C:\smtpcert.cer
    • Enter changeit when prompted for a password
    • Enter y when prompted Yes or No
    • Close the command prompt and restart ADSelfService Plus.

Description: This error may appear when you have configured SAML Authentication in ADSelfService Plus with an invalid X.509 certificate from the identity provider. The certificate is deemed invalid due to one of the following reasons:

Solution: Please download the current X.509 certificate from your identity provider again and upload it in ADSelfService Plus.

 


Go to Top
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine