Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Specops Password Reset

User receives “the certificate revocation list server could not be reached” message when they click the reset password link at the logon screen, but not when they browse to the reset page when logged in.

User is not connected to the internet at the logon screen. Possible solution You can use one of the following three options below to solve this issue: Add a new rule to your proxy that allows “domain computers” to reach the CRL servers on the internet. The rule will look similar to the example below:...

Access denied message on helpdesk webpage

Delegated Helpdesk does not work against an alias: https://spr.domain.com/specopspassword/helpdesk. You must access the page through the FQDN. Possible solution Add another CN to the certificate. “CN=hostname.domain.local” if using https://hostname.domain.local/specopspassword/helpdesk; Or “CN=hostname” if using just the server name https://hostname/specopspassword/helpdesk.

“Access denied” message when enrolling with an admin account

Admin accounts are affected by the adminSDHolder rule, which resets the security permissions on privileged AD accounts every 15 minutes. Possible solution Log in with an account with Domain Admin permissions and run the following command. dsacls "CN=AdminSDHolder, CN=System, <Domain DN>" /G "<ServiceAccount>:CCDC;classStore;" "<ServiceAccount>:LC;;" "<ServiceAccount>:CA;Reset Password;" "<ServiceAccount>:RP;userAccountControl;" "<ServiceAccount>:RPWP;mobile;" "<ServiceAccount>:RPWP;pwdLastSet;" "<ServiceAccount>:RPWP;lockoutTime;" Example: dsacls "CN=AdminSDHolder, CN=System, DC=example,...

Always get prompted for windows credentials when opening the Helpdesk/Reporting page

You have not added the FQDN of the server (or *.mydomain.com) to the local intranet site using the GPO site to Zone Assignment. Possible solution You will need to complete the steps under “Enabling authentication to the Password Reset Web Server” in the Specops Password Reset Installation Guide.

The Reset Password link does not appear on the logon page after reboot

Possible cause The computer is booting before the network stack has been brought up. This is common when systems are used with wireless or gigabit connected NIC’s. Possible solution You may want to disable Fast Logon Optimization. You can do this with Group Policy, using the Always wait for the network at computer startup and logon policy...

Enabling the Logon Tile for Password Reset

This article will review how to replace the Reset Password link below the password field with a separate user logon tile that launches the password reset page. These steps will work with the Specops Authentication client for both uReset and Specops Password Reset. These steps should only be taken in situations where the default credential...

Verify Specops Password Reset License Usage

This article will review how Specops Password Reset affected/subscription licenses are consumed. Both affected (perpetual) and subscription licenses use the same model to count licenses — the count is based on the number of enabled Active Directory user accounts that have a Specops Password Reset GPO applied to them in Active Directory. Check Current License...

Failed to get the SPR service account UPN from the server ‘..’ Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ..

The following error message was received after a Specops Password Reset installation or upgrade: Failed to get the SPR service account UPN from the server ‘..’Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘..’ but the remote endpoint provided DNS claim ‘..’. If this is a legitimate remote...

Service failed to start (Initializing ServiceHost) System.InvalidOperationException: Cannot find the X.509 certificate using the following…

The Specops Password Reset Server Service will not start on the server, the application log is showing the following error: Service failed to start (Initializing ServiceHost)System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName ‘My’, StoreLocation ‘LocalMachine’, FindType ‘FindByThumbprint’, FindValue ‘..’.at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean...

Unknown error in Specops Password Reset website when ASP.NET Impersonation is disabled in IIS.

Description: In some instances customers may encounter the error “Unknown error”, and “An error occurred when serving the request. Please contact your administrator.” This may be seen when browsing to all Specops Password Reset links, or only specific ones like Change, Reset, Enrollment, Helpdesk, or Reporting. Resolution: This can be caused by ASP.NET Impersonation being...
« Previous PageNext Page »