can't change password for New discovered accounts


kindly help for below error as change password and check password tasks couldn't be done successfully

Queuing task.
Starting task.
Looking up user information for ***.
Changing password for account ***.
Unable to log in to the asset using service account ***@*****.com
Saving task results.
Task completed with failure.

although connection with active directory succeeded  using the same service account.

  • Here are a few things to look at and try.

    I assume that the target asses is a domain member and not a stand alone system and that you can authenticate to it with a domain admin account. Also that the service account is not a member of domain admins.

    Does the connection test associated with the asset configured in safeguard to the asset pass?

    Is the target asses behind any firewall or have ACL's been set that may prevent Safeguard from reaching it? Check the admin guide for details of ports that need to be open.

    Have you modified your AD to allow the service account to have permissions to be able to reset password? If service account is not a member of domain admins then  you need to make changed to the protected groups to allow it to have the minimum permissions to manage passwords.

    Have you tried making the service account a member of domain admins and re-running your reset job to see if that works? This will tell ypu if you have a permission issue.

    Do you use this service account to manage password on other assets? Can this service account reset passwords on other assets? If it works compare configurations for both servers.

    Hope this helps


  • Hi Tim,

    thanks for your reply

    please note that service account is member of domain admins, so will check its function to reset active directory accounts and send the feedback soon.

    for Firewall potentials, i see connection to AD is well also account discovery running well. please explain which ports to be open for change and check password functions

  • for firewall ports check out the admin guide appendix. "Safeguard Ports"This will give you a full list. It is appendix A on page 573 in the 6.0 LTS guide

    If service account is a member of domain admins at this stage you should not have a permission issue. Best practice would recommend that the permissions on this account be reduced in final configuration.

    Can you login to the target asset with the service account?

    Does the Safeguard connection test work without error? This would give an indication that Safeguard can reach the asset.