Issue: You have installed the TechIDAgent, it isn’t listed in the TechIDPortal, OR it is listed in the TechIDPortal and there are no users are showing up in the TechIDClient for anyone, OR the users accounts are created in the wrong OU or without the correct rights, OR passwords aren’t rotating, OR etc…
Something just isn’t right. Let’s do some trouble shooting:
Let’s start with the simple and common and work toward the less common.
- Is the TechIDAgent running on the DC if you are making domain accounts? Check for a service named “TechIDAgent” and make sure it is running. If it is not running, start it. Run “TechIDAgent.exe start” as described in this documentation on the TechIDAgent.
- Is the TechIDAgent running on the computer if you are making local admin accounts or use TechIDManager LAPS? Check for a service named “TechIDAgent” and make sure it is running. If it is not running, start it. Run “TechIDAgent.exe start” as described in this documentation on the TechIDAgent.
- Is there a Triplet that grants some techs Rights on that Agent? Look at the TechIDPortal and click on “Reports” -> “Triple Access Report”. Select the Agent in question from the drop down at the top and ensure that the users you expect to have accounts on that Agent have at least 1 Right on that Agent. If they don’t create Groups and a Triplet such that users are granted rights. See this documentation on Triplets.
- Is there an error in the Logs\TechIDAgent.log? In the directory where the TechIDAgent is installed there is a directory named Logs with a file named “TechIDAgent.log” (don’t confuse it with TechIDAgent.InstallLog). This is a log of all the actions and errors of the TechIDAgent. Check for an error near the end of this file.
- Some Errors in TechIDAgent.log and how to address them.
System.DirectoryServices.AccountManagement.PasswordException: The password does not meet the password policy requirements.
– This is usually caused by a password length greater than 16 characters on a SBS (or migrated from SBS domain). The solution to this is to use a 16 character password on that domain. This can be set with the “passwordlength” option on the TechIDAgent as described in this documentation on the TechIDAgent.System.UnauthorizedAccessException: Access is denied.
– This is rare and usually indicates an AD setup issue.- Is there a setup issue with AD? Can you manually do the same things TechIDAgent is trying to do?
- Is the TechIDAgent running on the DC? The most common reason for access is denied is not running the TechIDAgent on a DC.
- Is the TechIDAgent service running as Local System?
- Is there any virus or protection software running that could be preventing access, and do those logs show anything?
System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
– This indicates that there is a still referenced DC that is offline or “tomb stoned”. This is an AD setup issue and the references to the old, off, or decommissioned, DC need to be removed from AD.System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException: The server is not operational.
– This indicates that there is a still referenced DC that is offline or “tomb stoned”. This is an AD setup issue and the references to the old, off, or decommissioned, DC need to be removed from AD.System.IO.FileNotFoundException: Could not load file or assembly 'Newtonsoft.Json, Version=12.0.0.0, Culture=neutral,...
– This indicates that not all the files from the distribution zip file were copied to the same directory.System.DirectoryServices.AccountManagement.MultipleMatchesException: Multiple principals contain a matching Identity....
– This indicates that two accounts were created for a tech. This is usually caused by installing the TechIDAgent on two DCs in the same AD, and both have created the accounts for the techs before a sync of the trees between DCs. The solution is to uninstall TechIDAgent from one of the DCs and delete one (or both) of the duplicate accounts for each tech. The remaining TechIDAgent will manage (or recreate) the account for each tech.
- If none of these suggestions are able to fix your issue, please contact Support@RuffianSoftware.com. We are here to help.