Anonymous_User Absent Member.
Absent Member.
725 views

An administrator has enabled and set the password on your ac


Hello SecureLogin Fans,

we are running SecureLogin 7.0.3 HF4 on Windows Server 2008 R2 acting as
Citrix XenApp servers. We are very frequently get the error message:

"An administrator has enabled and set the password on your account. For
security reasons, as password options are available to you, SecureLogin
requires you to login at least once with your password."

which disables all SecureLogin functionality and the user has to logoff
and logon again. We have a very complex infrastructure with Active
Directory and Novell eDirectory in place and drivers synchronizing user
accounts existing in both Directories. I have already enabled for my
account all Debugging options and I have many debug files.

Does someone know what causes this error message (definitely nobody has
reset the password manually) or for what i have to check the Debug files
to find the reason. May i find the reason in the registry or the Event
Log? We have checked the timestamp of the password set attribut
pwdLastSet in AD but this has not changed. 😞

Any help is appreciated.
Jochen


--
RealCoach
------------------------------------------------------------------------
RealCoach's Profile: https://forums.netiq.com/member.php?userid=4805
View this thread: https://forums.netiq.com/showthread.php?t=47538

0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: An administrator has enabled and set the password on your ac


i´ve seen that regularly if you work remotely (via rdp) on a client
which has sso installed.

here´s a TID talking about potential problems causing that behaviour:
see: http://www.novell.com/support/kb/doc.php?id=7940426

florian


--
florianz
------------------------------------------------------------------------
florianz's Profile: https://forums.netiq.com/member.php?userid=309
View this thread: https://forums.netiq.com/showthread.php?t=47538

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: An administrator has enabled and set the password on your ac


Thank you for pointing me to this TID, our ProviderOrder is
"SLCredman64,PICAClientNetwork,RDPNP,LanmanWorkstation,webclient". I am
trying now to place "SLCredman64" at the end of the providers string.


--
RealCoach
------------------------------------------------------------------------
RealCoach's Profile: https://forums.netiq.com/member.php?userid=4805
View this thread: https://forums.netiq.com/showthread.php?t=47538

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: An administrator has enabled and set the password on your ac


After observing the issue with changed ProviderOrder and after 2 reboots
on the last 2 weekends we still experience the "Error" message. Could it
be helpful to

a) start "slproto /nochange"
b) disable Passphrase


--
RealCoach
------------------------------------------------------------------------
RealCoach's Profile: https://forums.netiq.com/member.php?userid=4805
View this thread: https://forums.netiq.com/showthread.php?t=47538

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: An administrator has enabled and set the password on your ac


RealCoach;229002 Wrote:
> After observing the issue with changed ProviderOrder and after 2 reboots
> on the last 2 weekends we still experience the "Error" message. Could it
> be helpful to
>
> a) start "slproto /nochange"
> b) disable Passphrase


Not sure if you can truly "disable" the passphrase. The best you can do
is set it to "hidden" which then uses a system generated passphrase
based on the user's GUID.

I have seen this issue before when multiple admin users are managing
accounts via SLManager on a single "real" box i.e. they are using RDP to
remotely connect to a server/VM host. It's probably something to do with
the way SLManager or some other SL component uses HKLM in this setup. We
remove SLManager from all our builds now and only use it via AD users
and Computers snap-in which we have limited to only 2 users (it's
installed on a seperate server that only 2 users have access to)

So far we've not seen this problem re-occur since SLManager was taken
out of the equation.


--
clovercne
------------------------------------------------------------------------
clovercne's Profile: https://forums.netiq.com/member.php?userid=1699
View this thread: https://forums.netiq.com/showthread.php?t=47538

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.