Password Reset works from login prompt but not through Portal
I've followed the Password Reset and Registration guide here http://technet.microsoft.com/en-nz/library/cc561138(en-us,WS.10).aspxRegistration works, and password reset works from the login prompt, but not through the portal.The user can browse to http://hostname/passwordportaland enter their username/domain but they just come through toa "Download ilm2 password management client" page.The client is already installed, and presumably is working as the user can registerboth at login and through portal, and reset from login.I've tried looking for PwdMgmtProxy.svclog but can't find one....Any ideas?
September 2nd, 2009 4:54am

The user may have installed the wrong version of the password management client. If you're on a 64-bit machine, you must install the 64-bit client. You can install the 32-bit client, but it'll do you no good. Also, I seem to remember that you have to run IE 64-bit as well when you're trying to run the client.
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2009 9:32am

Thanks Joe - made me check which browser version was running. I hadn't realised that on 64 bit Win 2008 the "default" IE shortcuts are toIE32 not IE64. Seems weird but oh well.I get a different error now - "A service proxy exceptionwas encountered while running the password reset application. Error text: The password reset service may be down ... Error code: 5"I'llinvestigate this and see what I find. BTW password reset doesn't actually work from login either, it does display the auth gate and the question checking logic works (you have to get the correct numbers of answers to proceed), it then displays the prompts for the new password but fails to set it. I'm treating that as un-related for now.
September 3rd, 2009 12:36am

Did you see this post: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/ff9102e7-da02-44ef-90cf-535e49b28757 It has a couple of corrections to the walk through document. Also make sure that you have added the ILM certificate to your local machine and have set the appropriate active-x permissions in your internet options as described in the walk through.
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2009 3:08am

Thanks Rex - hadn't seen those corrections. I've posted a link to them on the bottom of the original technet instructions page so others find them.Have certs installed andunsafe active x enabled.
September 3rd, 2009 3:32am

the x64 version of the client includes both x86 and x64 version of the ActiveX, and you should be good. >>"A service proxy exceptionwas encountered while running the password reset application. Error text: The password reset service may be down ... Error code: 5" check the status of the service make sure it's running.. if it is... check: 1. IE protected mode is OFF (i think this is the cause) 2. it's in trusted sites (in coming release, trusted site is only needed for IE7. IE6 and IE8 can remains in Intranet) 3. put the IE Site Settings to Default (i.e. default settings for Trusted Sites)
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2009 4:32am

>>unsafe active x enabled you shouldn't need that. doing such will compromised your security. it should work at default settings. also, he mentioned he saw an error message, that means the ActiveX is instantiated >>Have certs installed for RC0, without the cert, you will have trouble getting past the QA Gate.
September 3rd, 2009 4:35am

>>I've tried looking for PwdMgmtProxy.svclog but can't find one.... that's by design (kind of known issue for RC0). this is because we've locked down the permission to C:\Program Files\...\Password Client the Password Proxy Service is running as NETWORK SERVICE which doesn't have write permission on that folder. thus no log is created. in coming release, we will default the path to C:\Logs\... (you still need to create the folder manually and grant NETWORK SERVICE write permission)
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2009 4:43am

Thanks anthonyIE protected mode off for admins and usershttp://ilmhostname in trusted sitestrusted sites were originally at default - I changed this to enable "Initilize and script ActiveX controls notmarked safe for scripting" as per Step 17 of the instructions - shouldI try changing back to default?Also I noticed DCOM errors on the ILM server at the same time as attempted PW resets The machine default permission settings do not grant local activation permission for the COM server application with class id {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE ... from address LOCALHOSTI did try giving network service the same DCOM perms as the ILM service account, the errors disappear but it didn't make password resets work.
September 3rd, 2009 5:07am

Sorry I confused IE protected mode withIE ESC - I'd turned IE ESC off but not protected mode.Now I get the same behaviour fromthe Portal asfrom login prompt - displays the auth gate and the question checking logic works (you have to get the correct numbers of answers to proceed), it then displays the prompts for the new password but fails to set it.I'll log a separate question about the password reset not working.
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2009 5:40am

Sorry I confused IE protected mode withIE ESC - I'd turned IE ESC off but not protected mode. Now I get the same behaviour fromthe Portal asfrom login prompt - displays the auth gate and the question checking logic works (you have to get the correct numbers of answers to proceed), it then displays the prompts for the new password but fails to set it. I'll log a separate question about the password reset not working. glad that you have the issue resolved. you mentioned you put the site in trusted sites already, why would protected mode for trusted site be turned on? i thought it should be off by default
September 3rd, 2009 7:39pm

Correct the default seems to be protected-off for trusted sites.Not sure why it's on -I usedour automated server build (MDT) to build these so suspect it's something we do for standard prod build.
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2009 10:30pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics