Passportal Help

Troubleshooting the AD Agent

Installer crashes

When performing an installation of Windows Agent the application crashes when selecting the install location of the Windows Agent.

This is likely due to the account you are currently signed into not having appropriate access to the Install folder location.

To correct this:

  1. Go to C:\Program Files\ and right click on the Passportal folder and select Properties
  2. Go to the Security Tab, then choose Advanced
  3. Change the owner to the account you are currently signed into, and select the checkbox to replace the owner on the subcontainers and objects
  4. Apply these permissions.
  5. Attempt to install the Windows Agent again, and it should complete successfully this time.

Sync has not been Running for a Client

You're seeing that sync has not happened for a client in a couple days.

  1. Connect to the Primary Domain Controller, and launch the Passportal Application.
  2. Authenticate with your Passportal logins on the agent, and select the client you are connected to.
  3. Grab the Passportal Sync credentials from Passportal, and paste them into the agent.
  4. Save and start the agent, and verify that the sync for the client is now showing as recently synced.

 

I've installed the AD agent with 2-way password sync enabled but password changes made in AD are not Updated in Passportal

Below are the areas to check in order to verify that the 2-way sync meets the prerequisites and is installed correctly:

  1. Redistribute package of Microsoft C++ on the DC i.e.:
  2. If the redistributable is missing, it can be found on Microsoft's site (install both the x86 and x64 versions):

    http://download.microsoft.com/download/0/5/6/056dcda9-d667-4e27-8001-8a0c6971d6b1/vcredist_x64.exe

  3. dll in the following folder:
  4. c:\windows\system32\ADPasswordChangeNotifier.dll

  5. Three Passportal registry entries:
  6. [HKEY_LOCAL_MACHINE\Software\Passportal\ADAgentAddress] = 127.0.0.1

    [HKEY_LOCAL_MACHINE\Software\Passportal\ADAgentPort] = 7771

    [HKEY_LOCAL_MACHINE\Software\Passportal\InstalledByAutoUpdate] = False

  7. system registry entry
  8. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages] = “Notification Packages” is a value of type REG_MULTI_SZ, so it may contain multiple DLL names. There should be among them adpasswordchangenotifier

    For example:

    rassfm

    scecli

    adpasswordchangenotifier

  9. To enforce the notification password, the password complexity setting must be enabled, i.e.

If all of these prerequisites are in place, we may need to activate the security policy audit log to trace the events to see what might be happening at the operating system level.

To audit the loading of notification packages, click Start , point to Programs, point to Administrative Tools, and then select Local Security Policy. Expand Local Policies, and then double-click Audit Policy. Double-click Audit System Events, and then use the Success and Failure check boxes.

Any errors attributed to the 2-way sync notifier will appear in the Event Viewer -> Security logs.

You have two credentials with the same Username - Resolved in Version 3.9.3.0

If a second credential entry with the same username has appeared in Passportal, the newest credential entry will be marked as "Waiting on Connection".

With this, you will be able to disable any second credentials that are showing as Waiting on Connection.

Once these duplicate entries have been disabled in the system, please ensure that your Windows Agent is running the latest version. You can see the version of the agent by launching the Passportal Application on the desktop, then looking in the bottom left corner.