Local User Management - Cannot change password

(imported topic written by SystemAdmin)

When I try to change the password on an endpoint in the Local User Management dashboard, the action script that it generates looks like it’s missing something. Here are the first several lines that show the missing “if” block:

parameter “OPENSSL_FOLDER” = “{pathname of parent folder of client}\openSSL\bin”

parameter “OPENSSL_FOLDER” = “{pathname of parent folder of client}\openSSL\bin”

delete __createfile

delete “{parameter “OPENSSL_FOLDER”}\dat64.ssl”

//Match encrypted string to client

endif

move “__createfile” “{parameter “OPENSSL_FOLDER”}\dat64.ssl”

If I try to submit the action I get the expected error,

“Unable to parse action script line 8: Endif encountered without If.”

Any ideas what’s missing here? I’ve activated the Local User Management Analysis and ran the Enable Encrypted Password Deployment task on a number of test servers. They all show up in the dashboard, but have this same result.

(imported comment written by SystemAdmin)

I’m having the exact same issue. Any help IBM?

(imported comment written by SystemAdmin)

There are several idiosyncrasies with Local User Management.

First, the wizard duplicates the first line of the script. Just delete the duplicate line.

If you try to set a password over 14 characters, it will fail. That appears to be a CLI limitation of the Microsoft command.

Be careful of the special characters you try to use in the password. It is easy for some of them to get mis-interpreted. For example ‘/’ or ‘’ or ‘|’ may get mis-interpreted or fail.

Make sure you test the password that you are setting so that the results are what you expect. This process does work within the noted parameters.

(imported comment written by SystemAdmin)

Sounds to me like IBM needs to do some updating.

I would think fixing the wizard to not generate duplicate lines of code would be pretty easy…however I’m not having that issue.

According to the following link, Site 19 of Labs released on November 27th, 2012 lifted the 14 character password restriction.

https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20Labs%20Release%20Notes

However, it doesn’t appear the wizard is generating the correct net user syntax to accept the greater than 14 character password warning. That syntax is, net user username password /add /y

None of this still explains why there is an endif without an if though.

(imported comment written by Zakkus)

Hey Guys,

So it looks like there are two bugs with this labs project.

It seems the wizard doesn’t create the proper syntax for long passwords. Andrew has provided the proper command to handle this, so the workaround would be to edit the action to include this line.

The other bug is that the dashboard has a dependency on analysis 977: “Encryption Analysis for Clients” in the BigFix Management site, but doesn’t really tell you about it. This analysis is used to generate those encryption blocks (so without it there is nothing to encrypt, and is why you end up with a dangling “endif” clause; there is suppose to be a bunch of if blocks there). The work around here is to activate that analysis, and once it starts reporting you should be able to encrypt passwords against these devices.

-Zak

(imported comment written by SystemAdmin)

Hi Zak,

What site is this analysis included with? 977: “Encryption Analysis for Clients”

I searched my deployment and I am unable to find this analysis to activate.

Thanks!

Cesar

(imported comment written by SystemAdmin)

Hi Cesar, That analysis is in the BES Support site -Adam

(imported comment written by SystemAdmin)

hhmmmmm…It seems that I am missing that analysis. When we use our MO account we receive a relevance error. See attached. Do you think I need to contact support?

(imported comment written by SystemAdmin)

Hope soon we will have answers

Julia

(imported comment written by SystemAdmin)

Hello Zak,

i have the same issue

1.Analysis 977: “Encryption Analysis for Clients” is activated and only one server (BES console\server) is applicable.

2.I have the same error “Unable to parse action script line 7: Endif encountered without If.”

here you can see first lines of the script:

parameter “OPENSSL_FOLDER” = “{pathname of parent folder of client}\openSSL\bin”

delete __createfile

delete “{parameter “OPENSSL_FOLDER”}\dat64.ssl”

//Match encrypted string to client

endif

3.i tried to deactivated Analysis 977 and activated it back

Waiting for replay,

Julia

(imported comment written by nore0402)

Hello Julia

I seem to be running into the same problems just wanted to know if there has been a fix

“Unable to parse action script line 7: Endif encountered without If.”

here you can see first lines of the script:

parameter “OPENSSL_FOLDER” = “{pathname of parent folder of client}\openSSL\bin”

delete __createfile

delete “{parameter “OPENSSL_FOLDER”}\dat64.ssl”

//Match encrypted string to client

endif

…I noticed in the Lab release note that this issue has been resolved but I am still running into the same issue.

My site is showing version 20

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/BigFix+Labs+Release+Notes

Thanks

Norman

(imported comment written by jgstew)

I have the same issue as well.

The analysis “Encryption Analysis for Clients” is activated, but it appears to be looking for the following:

(value
"CertificatePath"

of
key
"HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl"

of
x32 registry
as
string)

which does not exist on clients that have had the “Enable Encrypted Password Deployment” task run on them. This task does not appear to set the required registry entry.

(imported comment written by Andrew_TEM)

Nudge Nudge.

Ben/Zak,

Any updates on the above issues? I’m still experiencing all the above issues.

-Andrew

(imported comment written by jgstew)

The updates I posed here are a way to change local user passwords securely in v9+ of IEM without using “Local User Management”:

https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014748508

(imported comment written by Dickerson)

Did anyone find a solution to this issue?

(imported comment written by jgstew)

Not using local user management I believe, but there is a fixlet/task based solution at the end of the thread here:
https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014748508

5 posts were split to a new topic: Changing Local User Passwords with BigFix

Has the Issue with Local User Management been resolved… We are attempting to create local administrators in a Secure manner however the bug in the Local User Management still continues… is there any fix in Pipeline or any means to achieve our requirement

Bumping this one … The Actionscript generated by the Local user management dashboard is still messed up.