ADSelfService Plus is down

Last updated on:

In this article

Issue description

The ADSelfService Plus application is inaccessible to users, preventing access to self-service features such as password resets, account unlocks, or portal access. This downtime can impact productivity and increase the help desk load.

Possible causes

  • A stopped service: The ADSelfService Plus Windows service is not running on the host server.
  • Blocked application ports: Essential application communication ports (e.g., 80/443 for HTTP/HTTPS) on the host server are blocked by local firewalls or network proxy servers.
  • Database connectivity issues: ADSelfService Plus cannot connect to its external database, such as Microsoft SQL Server, PostgreSQL, or MySQL (if applicable).
  • High availability (HA) misconfiguration: In HA environments, the application must be accessed via the virtual IP (VIP) address, which dynamically binds to the active server. Accessing the application via the server’s IP address or hostname may result in failure, especially after a failover.
  • Load balancer (LB) misconfiguration: In an LB environment, there might be a mismatch in the allowed ports, preventing traffic from reaching the ADSelfService Plus server.

Prerequisites

  • Administrative privileges in ADSelfService Plus
  • Permissions to access the database (if ADSelfService Plus is configured with an external database)

Resolution

Step 1: Verify server accessibility

  1. Open Command Prompt on your computer.
  2. Type ping <server-name or IP address> and press Enter. Example: ping 192.168.1.10 or ping myserver.example.com
    • If you receive a series of Reply from messages, it indicates that the server is up and reachable.
    • If you see errors like Request timed out or Destination host unreachable, the server may be down, disconnected from the network, or blocked by a network-level firewall. Address server and network infrastructure issues before proceeding.

Step 2: Check the ADSelfService Plus service status

  1. Open services.msc on the ADSelfService Plus server.
  2. Locate the service named ManageEngine ADSelfService Plus.
  3. Check the Status column:
    • If it says Running, the service is active.
    • If it is blank or says Stopped, the service is not running. Right-click the service and select Start.
Note:

After starting, wait a few minutes for the application to fully initialize before attempting access.

Step 3: Confirm that the essential ports are open

ADSelfService Plus typically uses 8888 (HTTP) and 9251 (HTTPS) by default, or 80 (HTTP) and 443 (HTTPS) if configured.

  1. Open the wrapper log located in <installation directory>/logs.
  2. Review it for details on the reason for the failure.

Step 4: Validate the database connectivity (if using an external database)

  1. Check the basic network connectivity to the database server:
    • Open Command Prompt on the ADSelfService Plus server and execute the command ping <database-server-address>\. Example: ping 192.168.1.50
      • If you see replies, the server is reachable.
      • If you see a Request timed out error, the server is unreachable. Check the network or firewall settings.
  2. Test the database port connectivity using Telnet:
    • On the ADSelfService Plus server, open Command Prompt and execute the command telnet <database-server-address> <port>.
      • Example for Microsoft SQL Server: telnet 192.168.1.50 1433
      • Example for PostgreSQL: telnet 192.168.1.50 5432
      • If the screen goes blank or shows a Connected message, the port is open and reachable.
      • If an error like Could not open connection is displayed, the port may be blocked by a firewall on the database server or network path.
  3. Try logging in to the database:
    • Use a database client tool like SQL Server Management Studio for Microsoft SQL Server or pgAdmin for PostgreSQL.
    • Try connecting using the database server address, port, username, and password.
    • If the login fails, verify that:
      • The credentials are correct.
      • The database service is running on the database server.

Step 5: Address HA- or LB-specific issues

For HA setups:

  1. Always ensure you are accessing the application via the VIP address, not individual server IP addresses or hostnames.
  2. Verify the status of both nodes in your HA setup and ensure the VIP has successfully failed over to the active node.

For LB setups:

  1. Verify the configuration.
  2. Ensure that the configured ports are reachable and that network traffic is successfully routed to the ADSelfService Plus server without any intermediate blockages or misconfigurations.

Step 6: Review the application logs for errors

ADSelfService Plus generates detailed logs that can pinpoint the exact cause of the application being down.

  1. Navigate to the <ADSelfService Plus Installation Directory>\logs folder.
  2. Look for recent error messages in files such as the following:
    • serverout.log
    • wrapper.log
    • catalina.log (if running in a Tomcat environment)

These logs can indicate specific issues like database connection failures, port conflicts, out of memory errors, corrupted files, or other critical application errors.