none
SSPR issues

    Question

  • Hi,

    I configured SSPR in FIM 2010 R2. After successful confiuration iam getting the below error in the reset password page after supplying all the registration questions.

    Error while attempting to reset password

    The registred user should exist in the FIM Sync server and APP DB?

    What is the meaning of the error?

    Thanks in Adavance!!!!!!

    Thursday, December 13, 2012 1:04 PM

Answers

  • This usually indicates that the account used for the Active Directory MA doesn't have permissions enough to set the new password for the user.

    If I remember correctly you need at least the following:

    • Reset Password
    • Change Password
    • Read userAccountControl
    • Write userAccountControl
    • Read lockoutTime
    • Write lockoutTime

    How to set this is described in detail in the FIM 2010 SSPR Deployment Guide.


    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    Friday, December 14, 2012 12:56 PM

All replies

  • Any detail error about the request in fim portal and eventlog?


    Tracy | Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, December 14, 2012 7:43 AM
  • This usually indicates that the account used for the Active Directory MA doesn't have permissions enough to set the new password for the user.

    If I remember correctly you need at least the following:

    • Reset Password
    • Change Password
    • Read userAccountControl
    • Write userAccountControl
    • Read lockoutTime
    • Write lockoutTime

    How to set this is described in detail in the FIM 2010 SSPR Deployment Guide.


    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    Friday, December 14, 2012 12:56 PM
  • Thanks Jesper,

    But iam not using ADMA. We are using VIS MA for SSPR. VIS is like virtual identity server to connect multiple forestes in AD. We enabled Password reset check box in VIS MA. Still we are unable to set the the password for the user.

    Could you please let me know where we can set permissions.


    Monday, December 17, 2012 2:47 PM