Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Specops Authentication

Enrolling Admin Accounts and Troubleshooting AD Permissions Issues Affecting Enrollment

When a user is enrolling in uReset or Specops Authentication, they might receive one of the following error messages: Your organization’s server is not configured properly to access your account Unable to write enrollment data due to your account being a member of an elevated group. When this happens, this indicates the Specops Authentication Gatekeeper...

Unable to Delete Users with Leaf Objects

Specops Password Policy, Password Reset, and uReset/Specops Authentication all use leaf objects under user accounts for the purposes of storing user specific information — for Password Policy this includes password history and length-based password age information; for Password Reset and uReset/Specops Authentication the leaf object contains user enrollment data. The advantage of using a leaf...

Moving Specops Authentication Mobile Numbers to a Custom Attribute

By default, when a user is enrolled in the mobile code (SMS) identity service, the mobile number entered by the user is stored in the mobile attribute on the user’s account in AD.  In some organizations this may not be ideal, as the phone number becomes visible to users in the other applications (e.g. Exchange/Office...

Upgrading Specops Authentication Gatekeepers on Server Core

For servers with Desktop Experience, the Gatekeeper can be upgraded directly within the Gatekeeper admin tool. For Server Core server editions (or if you prefer to automate upgrades on any edition of Windows), the upgrade can also be done in PowerShell using the following script:

Error Saving Identity Service Configuration

When configuring third party identity services (e.g. Duo, Okta, Verify, PingID, Symantec VIP) you may encounter an error after saving the configuration in the Identity Services section of the Specops Authentication Admin Web That shouldn’t happenSomething went wrong, an unexpected error occurred on your organization’s server. If you check the Specops event log under Applications...

Enabling uReset Password Reset for Active Directory Admin Accounts

The Specops Authentication Gatekeeper Server responsible for writing enrollment information and resetting passwords in AD runs as a low-privilege service account. By default it will not have reset passwords for admin accounts in Active Directory protected by adminSDHolder. For issues with during enrollment see the following knowledge base article: https://specopssoft.com/knowledge-base/specops-ureset-8/enrolling-admin-accounts-troubleshooting-ad-permissions-issues-affecting-enrollment/ If you have already completed...

Enabling Email Notifications from Specops Authentication

Email notifications sent from the Specops Authentication platform (uReset, Secure Service Desk, Key Recovery) must be sent from an email address in the customer domain. Allowed Domains The sender address must be from an email domain associated with your customer account. The list of domains can be viewed managed in the SA Admin Web under...

TLS 1.0 and 1.1 Deprecation for Specops Authentication

Transport Layer Security (TLS) is the security protocol used to encrypt and protect web traffic. You may know it as SSL (Secure Sockets Layer); TLS is an upgrade to SSL. There are multiple versions of TLS; as of today, only TLS 1.2 and TLS 1.3 are considered secure. Older versions are deprecated and should no...