English Version Version Française Versión española
Software UserLock Technical Resources FAQ

UserLock® FAQ


I can't deploy the agent on my all workstations. Why?

If the deployment doesn't work on a workstation, you should check the following points:

1- Is the workstation registry remotely accessible from the server? (using regedit)
2- Is the workstation administrative share \\workstationName\admin$ accessible from the server?

Here under are some common reasons of a deployment problem:
- Failed to connect to workstation. Error code = 0x0005 Access is denied. The UserLock service account hasn't the administrative rights on all workstations. In this case, check that:
1- The UserLock service account is member of the "domain admin" group
2- The "domain admin" group is member of the administrators group on all workstations
- Failed to connect to workstation. Error code = 0x0035 Network path not found.
1-The computer is down or doesn't exist
2-The NetBIOS name of the workstation cannot be resolved because of a WINS problem.
3-The "File and network sharing" component is not installed in the network connection of the workstation or the server service and the remote registry service are not running.

I want to evaluate UserLock in my production environment without the evaluation message. Is that possible?

You can ask us for an evaluation key at info@userlock.com. In order to send you the key, we need the exact number of workstations to protect in the domain.

UserLock doesn't apply the defined rules to the logged users. Why?

Check that you have only one UserLock service running on your sub network.
Check that the agent is deployed on all workstations.

I purchased UserLock and when I enter the activation key in the console I get the error message: "Invalid or insufficient key". What's the problem?

Older versions of UserLock (less than v2.5) were licensed according the number of user accounts in the domain and you have probably exceeded this number. To avoid this problem please download the latest version (2.5 or more).

How can I uninstall the UserLock agent manually from a workstation?

You just need to remove the following registry value and reboot the workstation.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
You can download a reg file here that will remove this registry value automatically.

Since I installed UserLock on my server I get the following warning in the event log: 3034:MRxSmb or 4:Kerberos. What’s the problem?

The problem is not directly related to UserLock. The warning is generated when the UserLock deployer try to contact specific unavailable workstations listed in the Active Directory. In consequence their IP address is sometimes used by another computer. In consequence when the server contacts the workstation A the workstation B responds instead and this warning is generated.
You can read the following article of the Microsoft knowledge base about this problem: Q263208

  • To fix it you just need to remove all “ghost” computers listed in your Active Directory.
  • As workaround you can also set the following registry setting and restart the UserLock service (Version >= 3.02):
    HKEY_LOCAL_MACHINE\SOFTWARE\ISDecisions\UserLock\CheckIpConflict = REG_DWORD:1

    • Users are not able to open a second session on my terminal server even if more than 1 session is allowed through protected accounts. Why?

    With the default configuration UserLock always disconnect any previous session for a user on the server in order to join it instead of creating a new session. This allows a user to continue his work from a new location without having to get back to the previous location in order to disconnect the session. You can change this behaviour in the Agent distributions properties (Agent tab) of the UserLock primary server or in server properties (Terminal server tab) if the server is in standalone terminal server mode. For the setting “Try to join any existing session on the server” select “If the new session is not allowed” or “Never”.

    How do I upgrade my UserLock server to a new version?

    The following procedure works for all versions greater than v2.4.

  • In order to avoid a reboot, close all MMC consoles on the server
  • In order to avoid a reboot and if you are using the web console, restart IIS. Open the Internet services manager from the administrative tools and right click on the server item, from the menu click on Restart IIS
  • Uninstall UserLock from the server but leave all agents installed (protected accounts are kept in the process)
  • Install the new version of UserLock on the server and run the configuration wizard to set basic service settings
  • Optionally upgrade the agent (if a new version is available) on all workstations (recommended)

    • How do I move the UserLock service to a new server?

  • Install UserLock on the new server
  • Start the configuration wizard but don’t click on Next in the Service account step. Leave the wizard on standby.
  • Copy the files UserLock.cfg and UserLock.mdb located in the folder “c:\program files\ISDecisions\UserLock” from the old server to the new server.
  • Stop the UserLock service on the old server
  • Click Next in the UserLock configuration wizard on the new server. The new service is automatically started and is working.
  • Uninstall UserLock from the old server or at least disable the service to avoid conflicts between the two servers.

    • I get an internal server error (HTTP 500) when I try to use the web interface. How do I fix this?

    Open the Internet service manager in the Administration tools and check that an application is created on the web site on which the ULAdmin virtual folder is installed and that Enable session state is selected in the application configuration. If needed create an application either at the root of the web site or on the ULAdmin virtual folder. When done restart IIS.

    I get an HTTP error 404 File not found when I try to use the web interface. How do I fix this?

    The Active server page needs to be enabled in IIS. In Windows 2003, from the control panel open Add/Remove programs and then Add/Remove Windows components. Check that Active server page is selected in Application Server/Internet Information Service (IIS)/World Wide Web service.

    I can’t see terminal sessions on my terminal server in UserLock but I see the local console session. What’s the problem?

    Open the terminal services console (in administration tools) from your terminal server and display the RDP connection properties. In the general tab the setting “Use standard Windows authentication” should be unchecked. For Citrix terminal server you need to do same for the ICA connection.

    The UserLock server generates many logon events on my computers. How can I avoid this?

    UserLock regularly checks the agent status and tries to retrieve lost logon events on all workstations of the protected network zone. That's why logon events are generated.
    You can slow down the check speed by adding the following registry value on the server:
    HKEY_LOCAL_MACHINE\SOFTWARE\ISDecisions\UserLock\WaitBetweenCheck = (DWORD) Time interval in ms
    The default value is 500 (an half second between each computer). If you set for example 5000 (each 5 s) you will get 10 times less logon events.
    A service restart is needed after creating or changing this value. This setting only works on UserLock 3.5 or more.

    Please contact us if your problem isn't answered here : support@isdecisions.com

    UserLock

    <a href="http://www.isdecisions.com/en/software/userlock/university-network-solution/"><img src="http://www.isdecisions.com/images/marge-ul-educ-en.gif" alt="Benefit from a 20% educational discount" border="0" /></a>

    Awards

    UserLock Award
    "Readers of Microsoft Certified Professional Magazine have named
    IS Decisions UserLock as one of their favorite products."

    Buy online

    Buy Online with our Secure Online Payment
    VisaMasterCard