Can't Enable Session Request and Can't Enable Password Request

We have two AD users. Lets call them UserA and UserB but for some reason i " Can't Enable Session Request and Can't Enable Password Request " for these two users. These users are in same OU just like all other users and all other users are working fine but only UserA and UserB can't access the servers

When they try to launch the session PAM blocks them and this message shows " Session requests are not allowed for this account "

Parents Reply
  • The Active Directory Asset would be under Asset Management > Assets > search here for the Active Directory Asset then double click on it and select the Accounts tab in this view and here you can view the AD Accounts associated with this AD asset to verify if these are associated correctly under the AD asset etc.

  • Hello Tawfiq, 

    So under Assests i checked the Resource's Asset and when i double click it and inside in Accounts Tab his AD account is mentioned, But only Service Account is checked. I tried to select(Check) Password Request and Session Request but it reverts to unchecked . I even open the ticket One Identity but so far it didnt help

  • This seems like a configuration issue.

    The AD account should not show under the resource asset accounts tab if its an AD account it would only show under the AD Asset > Account tab 

    You may also be running an older version of SPP, I would suggest to upgrade to latest (if running feature release then patch to latest as of this post is 7.5.1)

    If you need assistance with configuration, we suggest to consult with Professional Services team.


  • Apologies Tawfiq, im confused , exactly where it should show

    1 - Asset Management > Asset > AD Account

    2 - Asset Management > Accounts > Ad Account

    Because this AD account is in more menus

    And we are on version 7.4.0 and i dont think this is Version issue as all users are able to login without any issue. Any possibility of having remote session 

    Ticket number is 02437577 

  • Hi,

    The AD account is added under the Active Directory Asset (not under a Windows platform type assets)

    Asset Management > Find the Domain Active Directory Asset > Accounts tab > AD accounts should be listed here.

    Active Directory Asset > Accounts tab > should show AD accounts

    Other Windows Assets > Accounts tab > should only have Local Windows Accounts and not AD accounts