Environment
Situation
Resolution
Through the implementation of identity verification questions, Secure Password Administrator offers secure access to your network without compromising password complexity requirements. Using SSL Web technology and 160-bit Blowfish encryption, Secure Password Administrator steps into the self-service password management arena fully secure and prepared.
Why Install This Version?
NetIQ Secure Password Administrator Version 1.0 offers security and stability, while also allowing you to place password responsibilities in the hands of your users. Secure Password Administrator helps buttress your network security, eases the load of your Helpdesk and administrator staff, and helps ensure the security of complex passwords. The following Secure Password Administrator features assist helpdesk staff and administrators enforce, bolster, and maintain network security, while improving employee productivity:
- Offers self-service password resets
- Provides a unique, difficult to crack, yet easy to remember identity verification sequence to validate user account password resets and unlocks
- Allows individuals to unlock their own accounts
- Synchronizes passwords across multiple accounts
- Provides immediate return on your security investment dollar
Viewing Documentation Files
When viewing the documentation files in the installation kit, you may observe the following issues:
- The installation kit provides some documentation in Microsoft Word DOC files. To view these documentation files, you need Microsoft Word or Microsoft Word Viewer installed. Other programs, such as Microsoft Wordpad, may not correctly translate the file format. You can download Microsoft Word Viewer from the Microsoft Web site (http://www.microsoft.com/).
- When you view the documentation files through the setup program, the snap-in for Internet Explorer may display some hidden text, such as index entry tagging, in the files. To hide this hidden text:
- On the Tools menu, click Options.
- Clear the All and Hidden Text check boxes, and then click OK.
Unlocking Your Account
The following procedure updates the information provided in the "Unlocking Your Account without Changing Your Password" section of the User Guide.
To update your account without changing your password:
- Open Internet Explorer and navigate to the Secure Password Administrator Self-Service site.
- On the Welcome window, click Unlock my user accounts.
- On the User Login window, provide a valid user account and domain, and then click Next.
- Provide the answers to your identity verification questions.
- If you have more than one account associated with your SPA profile, select the account or accounts you want to unlock.
- Click Unlock.
- When Secure Password Administrator presents you with the Account Unlock Summary window, click Home.
General Notes
NetIQ Corporation strives to ensure our products provide quality solutions for your password management needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
- Unicode Character Support
At this time.
, Secure Password Administrator does not support the usage of unicode characters. For example, Chinese and Japanese character may display incorrectly in the user interfaces. - Unregistered Users Report
Using a member of the DRA Admins AA group as the account used to communicate with the DRA server causes the unregistered users report to report on all user accounts over which the member has control. This may vastly skew the managed account numbers. It is not recommended to use a member of the DRA Admins AA group as either your SPA service account or as your SPA override account as this will also nullify your ability to limit access to the Self-Service site. For more information, see the User Guide.
- Password History Support
At this time, Secure Password Administrator does not support password history and the application of password retention. If you have applied native password history support, Secure Password Administrator may allow individuals to bypass password history settings.
- Enabling MSDE TCP/IP Access
By default, MSDE 2000 SP 3a does not allow TCP/IP connections to the database. In previous versions of MSDE, allowing TCP/IP connections to the database through a port was the default. If you upgrade your instance of MSDE from a previous version, for example you upgrade MSDE 2000 SP 3 supplied with Secure Password Administrator , the previous settings are retained. If you installed MSDE 2000 SP 3a and did not allow TCP/IP connections to the database, complete the following task before installing Secure Password Administrator .
To enable TCP/IP access to your MSDE 2000 SP 3a database server:
- Log on to the computer on which you installed MSDE.
- Navigate to the Binn folder using Windows Explorer. By default, you can locate the Binn folder in the
\Program Files\Microsoft SQL Server\80\Tools
folder. - Double-click
SRNETCN.exe
. - On the General tab, click TCP/IP in the Disabled protocols list.
- Click Enable>>, and then click OK.
- Click OK.
- Use the Services administrative tool to stop and restart the MSSQLSERVER service.
- Incorrect Error Message in MSDE Install
The Secure Password Administrator setup program launches the MSDE 2000 SP 3 setup program. During the installation of MSDE, you may see the following erroneous error: UNC paths are not supported. The error is incorrect and can be safely ignored. Installing MSDE from a mapped drive is not supported, UNC paths are supported.
- Correcting the Inability to Obtain a SPA License
The SPAMcsLicense.dll file may become unregistered. If this issue occurs, SPA displays the following error message: "The SPA license could not be obtained. Contact your administrator."
To correct this issue:
- Run
registerSpaDlls.bat
. By default, this file is located inProgram Files\NetIQ\SPA\bin
on the SPA Web server computer. - Restart the NetIQ Secure Password Administrator service.
- Run
- Upgrading or Reinstalling over the SPA Database
Secure Password Administrator does not overwrite any of the information stored in a database and does not uninstall the database as part of its uninstall process. If you attempt to upgrade or reinstall and want to use the same MSDE or SQL Server instance, information you provide the setup program about the SPA database during the second installation attempt is ignored. For example, the email From field you define for emails from Secure Password Administrator is not applied. The field remains the same as in the previous install.
If you want to uninstall the database, use SQL Enterprise Manager to delete the database.
Additional Information
For more information about software requirements, please see the following knowledge base article:
https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB36876