0 votes

Hello!

We are using the current version of Adaxes and are in the process of making the password self-service available to our users. We have installed the self-service client on our terminal servers (2008 R2), but the logon / lock screen does not behave as expected. This is what you see:

So it looks like the client wasn't installed. Then when you choose other credentials you get this:

Now when you choose the left option, you get the same as in the beginning, but when you choose the right one, the link is there:

Can someone explain what we are doing wrong?

Thanks
Erik

[EDIT]: Corrected image links. Sorry about that...

by (160 points)

1 Answer

0 votes
by (216k points)

Hello Erik,

Having two logon tiles, one of them with the Reset Password link and the other one without it, is normal and expected. The thing is that the default tiles (without the link) are created by Windows, and Windows does not provide any means to replace or delete these tiles. The only thing that is allowed is to add more tiles, which the Self-Service Client does.

What is strange is that why Windows doesn't select the tile created by the Self-Service Client as the default tile. Adaxes Self-Service Client registers itself as a Credential Provider in Windows, and Windows should select the tile created by Adaxes Credential Provider by default, and not the tile of the builtin Windows Credential Provider. We can't say for sure why Windows does not select the tile of Adaxes Credential Provider because it seems to be an issue in your environment. First of all, we would recommend checking the software installed on those servers. Is there any software installed that would interact with the Windows Logon Screen?

0

Thank you, that sheds some light on the situation.

We do use Anixis PPE, which modifies the change password dialogue, but I wouldn't know if it acts as a credential provider. I'll have to look into that and also have a closer look at the software on the server. I'll post anything I find.

0

Erik,

Yes, Anixis PPE can be one of the reasons for the issue. By the way, Adaxes can be configured to work with Anixis PPE and display correct rejection reason messages when users change or reset their passwords with the help of Adaxes. For information on how to configure, see the following help article: http://www.adaxes.com/help/?HowDoI.Mana ... tings.html.

0

OK I got it to work, but I'm not quite happy yet. After uninstalling the Anixis PPE client, the password reset link appears as it should. Following the link, the PPE rules are displayed correctly in the web interface, so that's fine as well. BUT when users just want to change their password from inside their Windows session, I am now missing the little window showing them those rules, something the Anixis client provided.

Is there some way to get both to work? Maybe change the priority of those credential providers, with the Adaxes one being first, so that, even though the Anixis client is installed, the password reset link still appears? Sorry if I'm just guessing, this goes a little bit beyond what I normally do.

Best regards
Erik

0

Hello Erik,

The only way how you can get both working is like you had before in your initial post, that is, have two tiles (one provided by Adaxes and another one extended by Anixis PPE). So, when users normally login, they can use the default tile without the Reset Password link. Within this tile, they will have the ability to normally change their password, Anixis client will prompt them the applicable password rules etc. In case they've forgotten their password and need to reset it, they can hit Esc in the Logon Screen, choose the other tile with the Reset Password link and reset their password.

Unfortunately, the Credential Provider subsystem in Windows does not allow two applications extend the logon screen simultaneously.

0

Hi again,

Everything works now. I got into contact with Anixis and they provided me with some additional registry values which did the trick. If this fix remains stable, it will be incorporated into the next PPE client version. If any of you should need the solution right now, please contact Anixis support for it.

Thanks for your help.
Erik

0

Hello Erik,

Thanks for the update! :)

Related questions

0 votes
1 answer

Due to company requirements, I need to customize the Reset Password screen presented in the Self Service and Help Desk sites, but I haven't found how to do the specific changes I ... Web Customization or do I have to go into the actual text files to do this?

asked Jan 29, 2013 by danftasc (440 points)
0 votes
1 answer

We are testing Windows Autopilot and would still like to use the adaxes client to allow for SSPR. Is it possible to configure the Windows Integration settings on a machine that is not domain joined but is joined through Azure AD?

asked Sep 3, 2020 by scoutcor (120 points)
0 votes
0 answers

Is there a way to combine the two functions for Unlock, and Password Reset? Most of the time, users lock themselves out because they don't remember the password, so the HelpDesk ... for the user, then changing the password. Is there any other way to do this?

asked Oct 24, 2016 by rurbaniak (1.5k points)
0 votes
1 answer

Where are the result options located for Reports? I have several admins that do a All Users report search then click on the User Name, from the Menu on the left ... the user does not have the option to select these options. Standard Password Configuration:

asked Sep 2, 2020 by dknapp (100 points)
0 votes
1 answer

We are currently using ManageEngine AD Unlock tool and would like to use the Adaxes version. Our question is can we import the questions and answers for the 8000 plus users already enrolled?

asked May 23, 2017 by willy-wally (3.2k points)
3,588 questions
3,277 answers
8,303 comments
548,091 users