Topic
15 replies Latest Post - ‏2014-02-20T16:53:27Z by jgstew
SystemAdmin
SystemAdmin
104 Posts
ACCEPTED ANSWER

Pinned topic Local User Management - Cannot change password

‏2012-11-13T18:32:22Z |
When I try to change the password on an endpoint in the Local User Management dashboard, the action script that it generates looks like it's missing something. Here are the first several lines that show the missing "if" block:

parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"
parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"

delete __createfile
delete "{parameter "OPENSSL_FOLDER"}\dat64.ssl"

//Match encrypted string to client
endif

move "__createfile" "{parameter "OPENSSL_FOLDER"}\dat64.ssl"

If I try to submit the action I get the expected error,
"Unable to parse action script line 8: Endif encountered without If."

Any ideas what's missing here? I've activated the Local User Management Analysis and ran the Enable Encrypted Password Deployment task on a number of test servers. They all show up in the dashboard, but have this same result.
Updated on 2013-03-12T13:47:11Z at 2013-03-12T13:47:11Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    104 Posts
    ACCEPTED ANSWER

    Re: Local User Management - Cannot change password

    ‏2012-12-04T14:35:53Z  in response to SystemAdmin
    I'm having the exact same issue. Any help IBM?
    • SystemAdmin
      SystemAdmin
      104 Posts
      ACCEPTED ANSWER

      Re: Local User Management - Cannot change password

      ‏2012-12-05T13:23:32Z  in response to SystemAdmin
      There are several idiosyncrasies with Local User Management.

      First, the wizard duplicates the first line of the script. Just delete the duplicate line.

      If you try to set a password over 14 characters, it will fail. That appears to be a CLI limitation of the Microsoft command.

      Be careful of the special characters you try to use in the password. It is easy for some of them to get mis-interpreted. For example '/' or '\' or '|' may get mis-interpreted or fail.

      Make sure you test the password that you are setting so that the results are what you expect. This process does work within the noted parameters.
      • SystemAdmin
        SystemAdmin
        104 Posts
        ACCEPTED ANSWER

        Re: Local User Management - Cannot change password

        ‏2012-12-05T15:05:54Z  in response to SystemAdmin
        Sounds to me like IBM needs to do some updating.

        I would think fixing the wizard to not generate duplicate lines of code would be pretty easy...however I'm not having that issue.

        According to the following link, Site 19 of Labs released on November 27th, 2012 lifted the 14 character password restriction. https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20Labs%20Release%20Notes

        However, it doesn't appear the wizard is generating the correct net user syntax to accept the greater than 14 character password warning. That syntax is, net user username password /add /y

        None of this still explains why there is an endif without an if though.
        • Zakkus
          Zakkus
          23 Posts
          ACCEPTED ANSWER

          Re: Local User Management - Cannot change password

          ‏2013-02-04T23:44:46Z  in response to SystemAdmin
          Hey Guys,

          So it looks like there are two bugs with this labs project.

          It seems the wizard doesn't create the proper syntax for long passwords. Andrew has provided the proper command to handle this, so the workaround would be to edit the action to include this line.

          The other bug is that the dashboard has a dependency on analysis 977: "Encryption Analysis for Clients" in the BigFix Management site, but doesn't really tell you about it. This analysis is used to generate those encryption blocks (so without it there is nothing to encrypt, and is why you end up with a dangling "endif" clause; there is suppose to be a bunch of if blocks there). The work around here is to activate that analysis, and once it starts reporting you should be able to encrypt passwords against these devices.

          -Zak
          • SystemAdmin
            SystemAdmin
            104 Posts
            ACCEPTED ANSWER

            Re: Local User Management - Cannot change password

            ‏2013-02-05T05:17:03Z  in response to Zakkus
            Hi Zak,

            What site is this analysis included with? 977: "Encryption Analysis for Clients"

            I searched my deployment and I am unable to find this analysis to activate.

            Thanks!

            Cesar
          • SystemAdmin
            SystemAdmin
            104 Posts
            ACCEPTED ANSWER

            Re: Local User Management - Cannot change password

            ‏2013-03-12T13:47:11Z  in response to Zakkus
            Hello Zak,
            i have the same issue
            1.Analysis 977: "Encryption Analysis for Clients" is activated and only one server (BES console\server) is applicable.
            2.I have the same error "Unable to parse action script line 7: Endif encountered without If."
            here you can see first lines of the script:
            parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"
            delete __createfile
            delete "{parameter "OPENSSL_FOLDER"}\dat64.ssl"
            //Match encrypted string to client
            endif

            3.i tried to deactivated Analysis 977 and activated it back

            Waiting for replay,
            Julia
            • nore0402
              nore0402
              1 Post
              ACCEPTED ANSWER

              Re: Local User Management - Cannot change password

              ‏2013-07-26T02:28:52Z  in response to SystemAdmin

              Hello Julia

               

              I seem to be running into the same problems just wanted to know if there has been a fix 

               "Unable to parse action script line 7: Endif encountered without If."
              here you can see first lines of the script:
              parameter "OPENSSL_FOLDER" = "{pathname of parent folder of client}\openSSL\bin"
              delete __createfile
              delete "{parameter "OPENSSL_FOLDER"}\dat64.ssl"
              //Match encrypted string to client
              endif

              ..I noticed in the Lab release note that this issue has been resolved but I am still running into the same issue.

              My site is showing version 20

              https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/BigFix+Labs+Release+Notes

               

              Thanks 

              Norman

               

          • jgstew
            jgstew
            5 Posts
            ACCEPTED ANSWER

            Re: Local User Management - Cannot change password

            ‏2013-04-15T19:30:29Z  in response to Zakkus

            I have the same issue as well.

            The analysis "Encryption Analysis for Clients" is activated, but it appears to be looking for the following:

            (value "CertificatePath" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl" of x32 registry as string)

            which does not exist on clients that have had the "Enable Encrypted Password Deployment" task run on them. This task does not appear to set the required registry entry. 

             

             

            • Andrew_TEM
              Andrew_TEM
              1 Post
              ACCEPTED ANSWER

              Re: Local User Management - Cannot change password

              ‏2013-11-05T20:00:49Z  in response to jgstew

              Nudge Nudge.

               

              Ben/Zak,

              Any updates on the above issues?  I'm still experiencing all the above issues.

              -Andrew

  • jgstew
    jgstew
    5 Posts
    ACCEPTED ANSWER

    Re: Local User Management - Cannot change password

    ‏2013-12-06T21:32:20Z  in response to SystemAdmin

    The updates I posed here are a way to change local user passwords securely in v9+ of IEM without using "Local User Management":

    https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014748508

  • Dickerson
    Dickerson
    1 Post
    ACCEPTED ANSWER

    Re: Local User Management - Cannot change password

    ‏2014-02-20T16:44:23Z  in response to SystemAdmin

    Did anyone find a solution to this issue?