Use the following information to troubleshoot users’ issue when using Self Service Password Reset.
Self Service Password Reset provides a tool that allows you to see a list of detailed information about a user to help troubleshoot many different issues. The User Debug tool displays the following information about a specific user account:
Password policy defined in Self Service Password Reset
Password policy defined in the LDAP directory
Where the response information is stored
This information helps you troubleshoot when users cannot log in or when users do not see the modules you have assigned to them.
To access the User Debug tool:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
Specify the name of the user account you want to debug.
View the information about the user to help troubleshoot issues.
(Optional) Clickto download a JSON file with the information to give to technical support.
Technical support might ask for this information to help troubleshoot issues. The troubleshooting bundle that you download for support contains a debug report for a couple of the last users that logged into Self Service Password Reset.
Issue: When the LDAP identity source is Active Directory, sometimes users see a delay when accessing the user website for Self Service Password Reset.
Solution: One of the major performance issues in an Active Directory network is the reverse DNS resolution. Disable> > > . If the performance increases, then there are DNS issues in your network you must resolve to enable the reverse DNS resolution again.
If turning off the reverse DNS resolution does not work, access the logs and look at the timestamps and ensure time is synchronized between your Active Directory servers and the server running the Self Service Password Reset application.
Issue: A user started the forgotten password process and did not complete the process. The user cannot log in to Self Service Password Reset any longer.
Solution: When a user starts the password change process by clicking, a random password is generated and if the user cancels the process without completing it, the user cannot use the old password. This happens because Self Service Password Reset recognizes the random password that was created when the user clicked on .
To resolve this issue perform the following:
For Active Directory, you can enable thesetting in the Configuration Editor under > > .
For eDirectory and Oracle Directory Server, have the user start the forgotten password process again and complete the process. The forgotten password process forces the users to reset their passwords.
There are two different options for you to have the users change the default language. The first option allows the users to change the default language and the second option is that you provide a URL that automatically displays the desired language.
Users click language option at the bottom of the Self Service Password Reset screen and select the desired locale. The language option displays the language that the page is currently using.
As an administrator, you can override the default language through the locale parameter by using a link to Self Service Password Reset. For example, http://sspr.example.com/sspr/?locale=sv.
This sets the locale to Swedish and overrides the browser locale settings.
Integration of Self Service Password Reset with Novell Client Login Extension (CLE) enables Windows desktop to support forgotten password reset.
CLE facilitates password self-service by adding a link to the Microsoft Credential Provider (MSCP), and Microsoft GINA login clients. When users click the Client Login Extension User Guide.link in their login client, CLE launches a restricted browser to access the Password Self-Service feature on the login clients. For more information about how to integrate CLE with Self Service Password Reset, see
Forgotten Password recovery or reset is generally performed by using a proxy or administrator’s account in Self Service Password Reset. However, you can configure it to use the user's account while setting the forgotten password by disablingin the Configuration Editor under > > . In this scenario, the Active Directory policy is disabled while changing the password.
However, this does result in a temporary password being set on the user's account just before they set a new password. This can cause issues if there is a minimum lifetime set for the password policy.