Knowledge Base

I get asked every now and again by clients about allowing external users to enroll in the password reset system and whats the best way to enable this. The problem is that by default we use Windows Authentication which is the currently logged on users credentials. But if the user is logged into their home...

Complete message reads: “Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘servername.domain.com’ but the remote endpoint provided DNS claim ‘webserveralias.domain.com.’ If this is a legitimate endpoint, you can fix the problem by explicitly specifying DNS identity ‘webserveralias.domain.com’ as the identity property of EndpointAddress when creating channel proxy.” Possible...

Description: Users attempt to go to the Specops Password Reset page, and they encounter the error below: You check the Specops Password Reset Service on your Specops Password Reset Server and find that it is not running. When you attempt to start it, the service fails to start. In the Event Viewer, Windows Logs, Application...

Description: If you see user counts that don’t look quite right, or you get a license error in Specops Password Reset, it could be the nightly user counting timing out. To check if this is the issue, we can check our Event Viewer on the Specops Password Reset server. On the Specops Password Reset server,...

Admin accounts are affected by the adminSDHolder rule, which resets the security permissions on privileged AD accounts every 15 minutes. Possible solution Log in with an account with Domain Admin permissions and run the following command. dsacls "CN=AdminSDHolder, CN=System, <Domain DN>" /G "<ServiceAccount>:CCDC;classStore;" "<ServiceAccount>:LC;;" "<ServiceAccount>:CA;Reset Password;" "<ServiceAccount>:RP;userAccountControl;" "<ServiceAccount>:RPWP;mobile;" "<ServiceAccount>:RPWP;pwdLastSet;" "<ServiceAccount>:RPWP;lockoutTime;" Example: dsacls "CN=AdminSDHolder, CN=System, DC=example,...

The following error message was received after a Specops Password Reset installation or upgrade: Failed to get the SPR service account UPN from the server ‘..’Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘..’ but the remote endpoint provided DNS claim ‘..’. If this is a legitimate remote...

The service account has lost permissions to read the Specops Password Reset Group Policy Object. Possible solution From the Group Policy Management Console, add the service account to the Delegation Tab of the Specops Password Reset Group Policy Object with Read rights.

User is not connected to the internet at the logon screen. Possible solution You can use one of the following three options below to solve this issue: Add a new rule to your proxy that allows “domain computers” to reach the CRL servers on the internet. The rule will look similar to the example below:...

The Specops Password Reset Server Service will not start on the server, the application log is showing the following error: Service failed to start (Initializing ServiceHost)System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName ‘My’, StoreLocation ‘LocalMachine’, FindType ‘FindByThumbprint’, FindValue ‘..’.at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean...

Description: When you browse out to your Specops Password Reset site you encounter the following error: 403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. Solution: Generally if you see this message, it can be one of the two items below....