Manage Security Questions with SSPR Storefront 3.7

[Jeroen Ensink]

Citrix released a new version of Storefront with new features like ""Questions and answers" with Storefront 3.7.

 

But the button "Tasks", where you can open the "Questions and answers", is missing. 

See Attachment. Attachment is a example from Citrix.

[CarlStalhood]

Did you install SSPR, configure it, and then link it to StoreFront? http://docs.citrix.com/en-us/self-service-password-reset/1-0.html

[Jeroen Ensink]

No, I didn't :(  I will try that first  :)

[Aaron OReilly]

I have also noticed the Tasks icon missing in the dev environment I have just set up.  The "Account Self Service" link shows on the logon page after SSPR is enabled in the Authentication settings for the Store but once logged in the button is missing.  Will be reviewing the logs on the IIS server to see if I can find out what is going on. 

[Kishore Kunisetty]

Could you check the SSPR user configuration to see if your user is member of the group you have chosen there?

 

Thanks

KishoreK

[Aaron OReilly]

I initially used an OU but when that gave nothing I changed the config to use Domain Users for the group to catch everything just in case.

 

Have also found that disabling sspr in the store auth config sometimes does not have an effect and the self service link is still on the login page. After a restart of the website and the mmc, sspr shows as enabled still but now disabling it will work.

[Gergely Boruzs]

Have the same issue! Tasks menu is not showing up.

Changed from OU to AD group.. no change.

 

Any ideas?

[Ueli Beyeler]

Same issue too. Have tried with OU / Group, both ways the task Icon does not show up. Does anyone know how this is triggered ?

[MIKE G]

Its odd - i get the task tab, can setup questions, but when i test at the end of entering my answers it says im not allowed to use self service?

 

other uses in the ou login and dont even see the task tab

[MIKE G]

You guys are using your internal storefronts right? this doesnt work through netscaler i believe.

[Feng Huang]

SSPR currently does not work when StoreFront is accessed via NSG.

[Iain Curr]

Same issue - no Tasks tab.

Try to use the link on the storefront landing page and the users are told "you cannot use account self service"

 

Accessing the store directly, no netscaler configured, SSPR config set to Domain Users.

 

I've followed the citrix guide and Carl's but no joy so far. Can't see what I've missed.

 

Storefront 3.7.0.39, XenDesktop 7.11 Platinum, License server 7.11.0.86, SSPR 1.0

[MIKE G]

You're definitely hitting storefront directly? 

 

I was getting 'you cannot use account self service' for domain admin accounts - im guessing because the service account cant change passwords of users with higher permissions.

[Iain Curr]

Thanks for the reply Mike. Yep, definitely directly to the storefront server - even tested while RDPd on the server itself.

 

Based on your suggestion I made both the proxy and service roles use domain admin accounts as a test. Made no difference, even basic users get the 'you cannot use' message.

 

I'll start from scratch again tomorrow and post if I crack it.

[Darren Bennett1709156837]

I'd check the permissions of the SSPR self service (sync) account if you get the "you cannot use" message.

The sync account would need to have Domain Admin rights for SSPR to work with Domain Admin accounts.

SSPR for Domain Admin accounts is of course not recommended, for obvious reasons - though no doubt some customers and partners would find it useful.  

Iain, the issue you describe is normally due to the user not being in an OU or group that's configured in the SSPR console in User Configuration.

[Chris Hide]

Did you manage to get this working?

 

I still can't get the Tasks > Manage security questions tab to show in StoreFront.

 

I have a load balanced pair, I'm accessing the StoreFront servers internally and do not have NetScaler gateway configured.

 

I followed the instructions at https://blog.infrashare.net/2016/09/28/how-to-configure-citrix-self-service-password-reset-sspr/ which mentions this issue in the troubleshooting steps. However, I've tried an iisreset as well as disabling and re-enabling the authentication method and propagating changes each time but it still doesn't work.

 

Any ideas?

[Gabriel Byrne1709152884]

Ensure that Unified experience is enabled and in the receiver for web site that the classic experience is disabled. 

[Kedar Pavaskar1709157578]

stuck on this same issue for a while now. The manage Tasks tab just doesnt show up.

Used a domain admin account for both Data proxy and the self service account.

on the storefront Receiver for Web URL i see the "Account self Service " option under the Logn button, however i cannot use it before setting up the Security questions( Which i am unable to as i don't see the 'Tasks' tab on logon)

 

any inputs are greatly appreciated.

[James Chandler]

Has anyone made headway on this problem.  I am seeing the same issue.  I get the "Account self Service" menu at the storefront login page.  But i never get the task icon once i have authenticated.  Both my DataProxyAccount and SelfServiceAccount are in the DomainAdmin goup.  I am not coming through a NSG, but am going directly to the Storefront url.  I have totally rebuilt both the SSPR server and Storefront server twice, with no progress.