Troubleshooting

The information below is intended for administrators who are responsible for troubleshooting Specops Password Policy. Before you perform the tasks in this guide, please ensure you have correctly installed Specops Password Policy.

Common issues

The custom message is not displayed when failing to meet the password rules

Possible cause

The MS filter is blocking the password

Possible solution

After you’ve ensured that the new password meets at least the default domain policy, confirm whether a fine-grained password policy (FGPP) is in place. FGPPs can be found in the Password Settings Container. Delete any FGPP to ensure that the domain policy is applied, and verify that the custom message appears as expected.

The Sentinel appears as “not installed” on the DC even though it has been installed.

Possible cause

If the account you are logged in with doesn’t have access to the admin$ share on the DC then you will get the “not Installed” message.

Possible solution

You need to be logged in with a Domain Admin level account to connect to this share. The Admin Tool checks for the existence of the file.

To ensure that the file is running, use Process Explorer (SysInternals/Microsoft tool https://docs.microsoft.com/sysinternals/downloads/process-explorer). The file will appear under LSASS.EXE in one of the threads.

“The system cannot find the path specified” error in the eventlog

Possible cause

Specops Password Policy and Specops Password Reset leverage the same Client. In this case, the Client is looking for SPR.ini in the Specops Password Reset product.

Possible solution

If you are not using Specops Password Reset, this message can be safely ignored.

User does not receive the Specops message when they enter a password that does not meet complexity requirement

Possible cause

  • The password does not meet Microsoft’s default password complexity requirements.
  • The Specops Client is not installed.

Possible solution

  • Ensure that the password has met Microsoft’s password complexity requirements.
  • Ensure that the Specops Client is installed.

“Invalid License File” error in the Domain Administration Tool

Possible cause

  • Version mismatch between Administration Tool and license key.

Possible solution

  • Contact Specops Support for correct license file version.

User is unable to meet the policy requirements and cannot change password

Possible cause

There may a problem with the dictionary file.

Possible solution

  1. In the Group Policy Editor, expand User Configuration, Windows Settings, and select Specops Password policy.
  2. Click Configure Password Policy.
  3. Select the Password Rules tab.
  4. Disable the Disallow words from dictionary checkbox.

Cannot view the sentinel state in the domain administration tool

Possible cause

The person running the tool is unable to connect to the admin share on the DC’s.

Possible solution

Ensure that the user running the Domain Administration Tool has the appropriate rights to monitor the status.