[SOLVED] Odd behaviour with password reset from logon screen

Question

Hello!

We are using the current version of Adaxes and are in the process of making the password self-service available to our users. We have installed the self-service client on our terminal servers (2008 R2), but the logon / lock screen does not behave as expected. This is what you see:

So it looks like the client wasn't installed. Then when you choose other credentials you get this:

Now when you choose the left option, you get the same as in the beginning, but when you choose the right one, the link is there:

Can someone explain what we are doing wrong?

Thanks
Erik

[EDIT]: Corrected image links. Sorry about that...

Answer 1

Hello Erik,

Having two logon tiles, one of them with the Reset Password link and the other one without it, is normal and expected. The thing is that the default tiles (without the link) are created by Windows, and Windows does not provide any means to replace or delete these tiles. The only thing that is allowed is to add more tiles, which the Self-Service Client does.

What is strange is that why Windows doesn't select the tile created by the Self-Service Client as the default tile. Adaxes Self-Service Client registers itself as a Credential Provider in Windows, and Windows should select the tile created by Adaxes Credential Provider by default, and not the tile of the builtin Windows Credential Provider. We can't say for sure why Windows does not select the tile of Adaxes Credential Provider because it seems to be an issue in your environment. First of all, we would recommend checking the software installed on those servers. Is there any software installed that would interact with the Windows Logon Screen?

Comments

Thank you, that sheds some light on the situation.

We do use Anixis PPE, which modifies the change password dialogue, but I wouldn't know if it acts as a credential provider. I'll have to look into that and also have a closer look at the software on the server. I'll post anything I find.

---

Erik,

Yes, Anixis PPE can be one of the reasons for the issue. By the way, Adaxes can be configured to work with Anixis PPE and display correct rejection reason messages when users change or reset their passwords with the help of Adaxes. For information on how to configure, see the following help article: http://www.adaxes.com/help/?HowDoI.Mana ... tings.html.

---

OK I got it to work, but I'm not quite happy yet. After uninstalling the Anixis PPE client, the password reset link appears as it should. Following the link, the PPE rules are displayed correctly in the web interface, so that's fine as well. BUT when users just want to change their password from inside their Windows session, I am now missing the little window showing them those rules, something the Anixis client provided.

Is there some way to get both to work? Maybe change the priority of those credential providers, with the Adaxes one being first, so that, even though the Anixis client is installed, the password reset link still appears? Sorry if I'm just guessing, this goes a little bit beyond what I normally do.

Best regards
Erik

---

Hello Erik,

The only way how you can get both working is like you had before in your initial post, that is, have two tiles (one provided by Adaxes and another one extended by Anixis PPE). So, when users normally login, they can use the default tile without the Reset Password link. Within this tile, they will have the ability to normally change their password, Anixis client will prompt them the applicable password rules etc. In case they've forgotten their password and need to reset it, they can hit Esc in the Logon Screen, choose the other tile with the Reset Password link and reset their password.

Unfortunately, the Credential Provider subsystem in Windows does not allow two applications extend the logon screen simultaneously.

---

Hi again,

Everything works now. I got into contact with Anixis and they provided me with some additional registry values which did the trick. If this fix remains stable, it will be incorporated into the next PPE client version. If any of you should need the solution right now, please contact Anixis support for it.

Thanks for your help.
Erik

---

Hello Erik,

Thanks for the update! :)