Use the following information to troubleshoot the tools provided with Self Service Password Reset.
Self Service Password Reset provides a Dashboard to help you see the health of your system and troubleshoot many different issues. Use the Dashboard to help understand URL references, to see if tokens are not working, to see the health of the system, and many more things. For more information, see Using the Dashboard.
Issue: When you open the Configuration Manager page, Self Service Password Reset displays a warning message for LDAP stating LDAP Test User error. This issue occurs because Self Service Password Reset generates random password for test user and Active Directory does not allow frequent changes to the test user password. This might result in new user registration failure.
Workaround: This happens when you have configured a user distinguished name (dn) for a test user during the Self Service Password Reset configuration and specified TESTUSER in the Password Policy Template setting, under New User Registration. As you require different password policies for different profiles, it is recommended that you skip specifying the test user dn during Self Service Password Reset configuration. You can provide a user dn, whose password policy can be used for a specific profile, by using the Password Policy Template setting.
This issue can also happen if you have not specified any test user during the Self Service Password Reset configuration and the Password Policy Template setting is set as TESTUSER. You must specify the user dn in the Password Policy Template setting to resolve this issue.
Issue: Mobile users see the error of one or more responses is not correct, when using Self Service Password Reset.
Solution: This error is caused by time not being in synchronized in your network. You must synchronize the time between the LDAP and the Self Service Password Reset servers by using the same NTP source.
The error occurs in the following conditions:
The time (in seconds) set in the LDAP server, the Self Service Password Reset server, and the mobile device are not synchronized
A difference of more than 5 seconds occurs between the LDAP server and the Self Service Password Reset server
A difference of more than 5 seconds occurs between the Self Service Password Reset server and the mobile device
A difference of more than 5 seconds occurs between the LDAP server and the mobile device
To use the same NTP source:
Log in to the appliance administration tool.
Use the Time settings in the appliance management tool to specify the same NTP source as your LDAP servers are using. For more information, see Configuring Time Settings.
Ensure that time is synchronized on the LDAP servers and they are using the same NTP time source. For more information, see:
Active Directory:
How the Windows Time Service Works
eDirectory:
Synchronizing Network Time
in the NetIQ eDirectory Administration Guide
Issue: Users do not receive any automated emails from the SMTP server even after you have configured Self Service Password Reset to send emails. You receive the error Unable to send Email: No From Address in the logs. Self Service Password Reset displays this message only when it is installed on a SUSE Linux Enterprise Server and the computer name is not defined in the /etc/hosts file.
Solution: On the SUSE Linux Enterprise Server where Self Service Password Reset is installed, include the computer name in the /etc/hosts file. Replace 127.0.0.1 localhost with 127.0.0.1 name of the computer localhost.