I have a customer wishing to use active assistant. They have system with NT4 and unity 2.46 (latest build). They currently do not have an NT domain within the organization. They wish to deploy AA but when they are prompted within IE to change thier password it fails.<br><br>I checked the MS KB for possible missing componenets but all seems to be well in the MS world on this system.<br><br>Any recommendations?<br><br>Thanks,<br><br>email@example.com<br><br>
First, you say they don't have an NT domain... what are they logging into from their workstations? Novell?
Is it saying CHANGE the password or is it asking you to ENTER a loging/domain/password when you access the AA?
If you guys are not authenticating on the same NT domain that Unity is installed in, this is what's going to happen. When you access the SA or AA we need to get a security token from your account and if you haven't authenticated, you don't have one... the IIS server then prompts you to identify yourself on our domain (user name, password, domain name) and once you authenticate we'll let you in. No way around that...
they are a novell shop and the only nt domain is unity therefore they are not authenticating to a domain per se. What happens when they first go into AA they are challanged like anyone else but once they put in the username domainname and password they are then taken to an IIS based change password utility that says the password has expired and you must create a new one. This is where it fails.
Hope this is enough for you. If you need more - not a problem.
Ah... that makes sense. I'm betting their NT accounts created on our box all have the "user must change password at next login" checked. If you don't want them to have to change their password, you'll have to go into the domain administrator and clear those flags (or tell everyone to change their PW when they log in once and then it should be OK after that). You should also check the NT password policy to be sure that the PWs wont expire on you (if that's not what you want) and have users go through this again 30 or 60 days down the road.
The issue here is that yes the check box is check to force them to change the password. I want that to happen. However, when they are taken to the change password dialog via IIS the service does not work. As I've said I have checked all the MS side of it and all seems well. Do you have any idea why this does not work?
IIS by default isnt configured to allow PW changes without fiddling a bit. Be aware that allowing folks to change their PW via IIS is not entirely secure (as Microsoft warns in the first article below) Anyway, heres a couple of MSDN article that should help you out here:
Configuring IIS to allow PW changes for NT accounts:
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.