Topic
  • 15 replies
  • Latest Post - ‏2014-02-20T16:53:27Z by jgstew
SystemAdmin
SystemAdmin
104 Posts

Pinned topic Local User Management - Cannot change password

‏2012-11-13T18:32:22Z |
When I try to change the password on an endpoint in the Local User Management dashboard, the action script that it generates looks like it's missing something. Here are the first several lines that show the missing "if" block:

parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"
parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"

delete __createfile
delete "{parameter "OPENSSL_FOLDER"}\dat64.ssl"

//Match encrypted string to client
endif

move "__createfile" "{parameter "OPENSSL_FOLDER"}\dat64.ssl"

If I try to submit the action I get the expected error,
"Unable to parse action script line 8: Endif encountered without If."

Any ideas what's missing here? I've activated the Local User Management Analysis and ran the Enable Encrypted Password Deployment task on a number of test servers. They all show up in the dashboard, but have this same result.
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2012-12-04T14:35:53Z  
    I'm having the exact same issue. Any help IBM?
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2012-12-05T13:23:32Z  
    I'm having the exact same issue. Any help IBM?
    There are several idiosyncrasies with Local User Management.

    First, the wizard duplicates the first line of the script. Just delete the duplicate line.

    If you try to set a password over 14 characters, it will fail. That appears to be a CLI limitation of the Microsoft command.

    Be careful of the special characters you try to use in the password. It is easy for some of them to get mis-interpreted. For example '/' or '\' or '|' may get mis-interpreted or fail.

    Make sure you test the password that you are setting so that the results are what you expect. This process does work within the noted parameters.
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2012-12-05T15:05:54Z  
    There are several idiosyncrasies with Local User Management.

    First, the wizard duplicates the first line of the script. Just delete the duplicate line.

    If you try to set a password over 14 characters, it will fail. That appears to be a CLI limitation of the Microsoft command.

    Be careful of the special characters you try to use in the password. It is easy for some of them to get mis-interpreted. For example '/' or '\' or '|' may get mis-interpreted or fail.

    Make sure you test the password that you are setting so that the results are what you expect. This process does work within the noted parameters.
    Sounds to me like IBM needs to do some updating.

    I would think fixing the wizard to not generate duplicate lines of code would be pretty easy...however I'm not having that issue.

    According to the following link, Site 19 of Labs released on November 27th, 2012 lifted the 14 character password restriction. https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20Labs%20Release%20Notes

    However, it doesn't appear the wizard is generating the correct net user syntax to accept the greater than 14 character password warning. That syntax is, net user username password /add /y

    None of this still explains why there is an endif without an if though.
  • Zakkus
    Zakkus
    23 Posts

    Re: Local User Management - Cannot change password

    ‏2013-02-04T23:44:46Z  
    Sounds to me like IBM needs to do some updating.

    I would think fixing the wizard to not generate duplicate lines of code would be pretty easy...however I'm not having that issue.

    According to the following link, Site 19 of Labs released on November 27th, 2012 lifted the 14 character password restriction. https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20Labs%20Release%20Notes

    However, it doesn't appear the wizard is generating the correct net user syntax to accept the greater than 14 character password warning. That syntax is, net user username password /add /y

    None of this still explains why there is an endif without an if though.
    Hey Guys,

    So it looks like there are two bugs with this labs project.

    It seems the wizard doesn't create the proper syntax for long passwords. Andrew has provided the proper command to handle this, so the workaround would be to edit the action to include this line.

    The other bug is that the dashboard has a dependency on analysis 977: "Encryption Analysis for Clients" in the BigFix Management site, but doesn't really tell you about it. This analysis is used to generate those encryption blocks (so without it there is nothing to encrypt, and is why you end up with a dangling "endif" clause; there is suppose to be a bunch of if blocks there). The work around here is to activate that analysis, and once it starts reporting you should be able to encrypt passwords against these devices.

    -Zak
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2013-02-05T05:17:03Z  
    • Zakkus
    • ‏2013-02-04T23:44:46Z
    Hey Guys,

    So it looks like there are two bugs with this labs project.

    It seems the wizard doesn't create the proper syntax for long passwords. Andrew has provided the proper command to handle this, so the workaround would be to edit the action to include this line.

    The other bug is that the dashboard has a dependency on analysis 977: "Encryption Analysis for Clients" in the BigFix Management site, but doesn't really tell you about it. This analysis is used to generate those encryption blocks (so without it there is nothing to encrypt, and is why you end up with a dangling "endif" clause; there is suppose to be a bunch of if blocks there). The work around here is to activate that analysis, and once it starts reporting you should be able to encrypt passwords against these devices.

    -Zak
    Hi Zak,

    What site is this analysis included with? 977: "Encryption Analysis for Clients"

    I searched my deployment and I am unable to find this analysis to activate.

    Thanks!

    Cesar
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2013-02-06T00:16:15Z  
    Hi Zak,

    What site is this analysis included with? 977: "Encryption Analysis for Clients"

    I searched my deployment and I am unable to find this analysis to activate.

    Thanks!

    Cesar
    Hi Cesar, That analysis is in the BES Support site -Adam
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2013-02-09T06:18:15Z  
    Hi Cesar, That analysis is in the BES Support site -Adam
    hhmmmmm...It seems that I am missing that analysis. When we use our MO account we receive a relevance error. See attached. Do you think I need to contact support?
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2013-02-12T08:49:28Z  
    hhmmmmm...It seems that I am missing that analysis. When we use our MO account we receive a relevance error. See attached. Do you think I need to contact support?
    Hope soon we will have answers

    Julia
  • SystemAdmin
    SystemAdmin
    104 Posts

    Re: Local User Management - Cannot change password

    ‏2013-03-12T13:47:11Z  
    • Zakkus
    • ‏2013-02-04T23:44:46Z
    Hey Guys,

    So it looks like there are two bugs with this labs project.

    It seems the wizard doesn't create the proper syntax for long passwords. Andrew has provided the proper command to handle this, so the workaround would be to edit the action to include this line.

    The other bug is that the dashboard has a dependency on analysis 977: "Encryption Analysis for Clients" in the BigFix Management site, but doesn't really tell you about it. This analysis is used to generate those encryption blocks (so without it there is nothing to encrypt, and is why you end up with a dangling "endif" clause; there is suppose to be a bunch of if blocks there). The work around here is to activate that analysis, and once it starts reporting you should be able to encrypt passwords against these devices.

    -Zak
    Hello Zak,
    i have the same issue
    1.Analysis 977: "Encryption Analysis for Clients" is activated and only one server (BES console\server) is applicable.
    2.I have the same error "Unable to parse action script line 7: Endif encountered without If."
    here you can see first lines of the script:
    parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"
    delete __createfile
    delete "{parameter "OPENSSL_FOLDER"}\dat64.ssl"
    //Match encrypted string to client
    endif

    3.i tried to deactivated Analysis 977 and activated it back

    Waiting for replay,
    Julia
  • jgstew
    jgstew
    5 Posts

    Re: Local User Management - Cannot change password

    ‏2013-04-15T19:30:29Z  
    • Zakkus
    • ‏2013-02-04T23:44:46Z
    Hey Guys,

    So it looks like there are two bugs with this labs project.

    It seems the wizard doesn't create the proper syntax for long passwords. Andrew has provided the proper command to handle this, so the workaround would be to edit the action to include this line.

    The other bug is that the dashboard has a dependency on analysis 977: "Encryption Analysis for Clients" in the BigFix Management site, but doesn't really tell you about it. This analysis is used to generate those encryption blocks (so without it there is nothing to encrypt, and is why you end up with a dangling "endif" clause; there is suppose to be a bunch of if blocks there). The work around here is to activate that analysis, and once it starts reporting you should be able to encrypt passwords against these devices.

    -Zak

    I have the same issue as well.

    The analysis "Encryption Analysis for Clients" is activated, but it appears to be looking for the following:

    (value "CertificatePath" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl" of x32 registry as string)

    which does not exist on clients that have had the "Enable Encrypted Password Deployment" task run on them. This task does not appear to set the required registry entry. 

     

     

  • nore0402
    nore0402
    1 Post

    Re: Local User Management - Cannot change password

    ‏2013-07-26T02:28:52Z  
    Hello Zak,
    i have the same issue
    1.Analysis 977: "Encryption Analysis for Clients" is activated and only one server (BES console\server) is applicable.
    2.I have the same error "Unable to parse action script line 7: Endif encountered without If."
    here you can see first lines of the script:
    parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"
    delete __createfile
    delete "{parameter "OPENSSL_FOLDER"}\dat64.ssl"
    //Match encrypted string to client
    endif

    3.i tried to deactivated Analysis 977 and activated it back

    Waiting for replay,
    Julia

    Hello Julia

     

    I seem to be running into the same problems just wanted to know if there has been a fix 

     "Unable to parse action script line 7: Endif encountered without If."
    here you can see first lines of the script:
    parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"
    delete __createfile
    delete "{parameter "OPENSSL_FOLDER"}\dat64.ssl"
    //Match encrypted string to client
    endif

    ..I noticed in the Lab release note that this issue has been resolved but I am still running into the same issue.

    My site is showing version 20

    https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/BigFix+Labs+Release+Notes

     

    Thanks 

    Norman

     

  • Andrew_TEM
    Andrew_TEM
    1 Post

    Re: Local User Management - Cannot change password

    ‏2013-11-05T20:00:49Z  
    • jgstew
    • ‏2013-04-15T19:30:29Z

    I have the same issue as well.

    The analysis "Encryption Analysis for Clients" is activated, but it appears to be looking for the following:

    (value "CertificatePath" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl" of x32 registry as string)

    which does not exist on clients that have had the "Enable Encrypted Password Deployment" task run on them. This task does not appear to set the required registry entry. 

     

     

    Nudge Nudge.

     

    Ben/Zak,

    Any updates on the above issues?  I'm still experiencing all the above issues.

    -Andrew

  • jgstew
    jgstew
    5 Posts

    Re: Local User Management - Cannot change password

    ‏2013-12-06T21:32:20Z  

    The updates I posed here are a way to change local user passwords securely in v9+ of IEM without using "Local User Management":

    https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014748508

  • Dickerson
    Dickerson
    1 Post

    Re: Local User Management - Cannot change password

    ‏2014-02-20T16:44:23Z  

    Did anyone find a solution to this issue?

  • jgstew
    jgstew
    5 Posts

    Re: Local User Management - Cannot change password

    ‏2014-02-20T16:53:27Z  
    • Dickerson
    • ‏2014-02-20T16:44:23Z

    Did anyone find a solution to this issue?

    Not using local user management I believe, but there is a fixlet/task based solution at the end of the thread here:  https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014748508