• State Not Answered
  • Replies 7 replies
  • Subscribers 38 subscribers
  • Views 4044 views
  • Users 0 members are here
Options
Related

SPE Errors when VPN is disconnected.

peter burtenshaw
over 3 years ago

Hello all,

We have a VPN for users to connect to in order to access most of the systems they need for their work, which is installed and recomended on all of our clients. They must log in via the VPN in most cases.

Today, our SPE has started giving the 'Service Not available. Please contact you administrator'/'SPE is not configured correctly' error message, but only when a client is not connected to our VPN.

If the client is connected to the VPN, they can access PMUser, but if they cannot log in they will not be able to log in to our VPN.



PMUser works fine in a normal browsing session (regardless of VPN connection), but has stopped working in Firefox. In firefox, I get Server Error in '/PMUser' Application. (IE and Edge are fine)
PMUser also is working fine when accesses externally.

I am wondering if anyone knows where the fault may lie? We have not made any changes to our VPN or proxy recently.



I have tried:
Flushing DNS before testing SPE
different browsers/computers
KB 239613 (This gave errors in PMAdmin and did not fix PMUser, so was reverted)
Checking GPO policies to ensure the correct self-service URL is provided.

Environment:

Clients are all Windows 10 with SPE 5.8.2.1831

Server is 2012 R2 running PM 5.8.2.1831 on IIS 8.

Domain controllers have the connector of the same version installed.

I'm happy to give most information I can, or try anyhting that anyone thinks could be the issue.

Parents
  • 0 over 3 years ago

    As an update (and display of my awful diagnostics) I've resolved the firefox issue with a clear of cookies and cache, so now the only issue that remains is the SPE reporting that the URL may be wrong. Is there a way of checking, within the SPE, which URL it is using? Or a way to use that as a web browser?

  • 0 over 3 years ago in reply to peter burtenshaw

    Hi Peter,

    If you are using the default method by the SPE to connect to the PMUser site, you can see that URL listed in the PMAdmin site-> general settings-> realm instances

    Or if you are forcing the SPE to go to a specific URL using the ADM template, then you can check the URL on the client PC itself

    1. Launch Regedit
    2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\One Identity\Password Manager
    3. Look for ForceRegistryURL with a value of 1
    4. As well as String Value (REG_SZ) called SelfServiceURL

     Thanks

    Stephen

Reply
  • 0 over 3 years ago in reply to peter burtenshaw

    Hi Peter,

    If you are using the default method by the SPE to connect to the PMUser site, you can see that URL listed in the PMAdmin site-> general settings-> realm instances

    Or if you are forcing the SPE to go to a specific URL using the ADM template, then you can check the URL on the client PC itself

    1. Launch Regedit
    2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\One Identity\Password Manager
    3. Look for ForceRegistryURL with a value of 1
    4. As well as String Value (REG_SZ) called SelfServiceURL

     Thanks

    Stephen

Children