Knowledge Base

Possible cause The computer is booting before the network stack has been brought up. This is common when systems are used with wireless or gigabit connected NIC’s. Possible solution You may want to disable Fast Logon Optimization. You can do this with Group Policy, using the Always wait for the network at computer startup and logon policy...

This article will review how Specops Password Reset affected/subscription licenses are consumed. Both affected (perpetual) and subscription licenses use the same model to count licenses — the count is based on the number of enabled Active Directory user accounts that have a Specops Password Reset GPO applied to them in Active Directory. Check Current License...

Specops Password Reset (SPR) and Specops Password Policy (SPP) take full advantage of Active Directory. SPR creates a classStore Object called specops-spp-passwordreset. SPP creates a classstore Object called specops-spp-passwordhistory. Both of these objects can prevent migration tools, such as Active Directory Migration Tool (ADMT), from successfully migrating the user object. Note: The latest version of...

Description: If you see user counts that don’t look quite right, or you get a license error in Specops Password Reset, it could be the nightly user counting timing out. To check if this is the issue, we can check our Event Viewer on the Specops Password Reset server. On the Specops Password Reset server,...

The following error message was received after a Specops Password Reset installation or upgrade: Failed to get the SPR service account UPN from the server ‘..’Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘..’ but the remote endpoint provided DNS claim ‘..’. If this is a legitimate remote...

SPECIAL ACCESS for classStoreCREATE CHILDDELETE CHILD Permissions inherited to subobjects: SPECIAL ACCESS for msDS-User-Account-Control-ComputedREAD PROPERTY SPECIAL ACCESS for userAccountControlREAD PROPERTY SPECIAL ACCESS for pwdLastSetWRITE PROPERTYREAD PROPERTY SPECIAL ACCESS for mobileWRITE PROPERTYREAD PROPERTY SPECIAL ACCESS for lockoutTimeWRITE PROPERTYREAD PROPERTY

The Specops Password Reset Server Service will not start on the server, the application log is showing the following error: Service failed to start (Initializing ServiceHost)System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName ‘My’, StoreLocation ‘LocalMachine’, FindType ‘FindByThumbprint’, FindValue ‘..’.at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean...

Description: In some instances customers may encounter the error “Unknown error”, and “An error occurred when serving the request. Please contact your administrator.” This may be seen when browsing to all Specops Password Reset links, or only specific ones like Change, Reset, Enrollment, Helpdesk, or Reporting. Resolution: This can be caused by ASP.NET Impersonation being...

Description: When you browse out to your Specops Password Reset site you encounter the following error: 403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. Solution: Generally if you see this message, it can be one of the two items below....

Password Reset stores each user’s enrollment data in a leaf object underneath the user’s account (specops-spp-pwdReset) By design, access to these leaf objects is restricted as follows: SYSTEM – Full Control Domain Admins – Full Control Password Reset Service Account – Full Control End user – Read access If you have changed Password Reset service...