Thursday, December 13, 2012 1:04 PM
I configured SSPR in FIM 2010 R2. After successful confiuration iam getting the below error in the reset password page after supplying all the registration questions.
“Error while attempting to reset password”
The registred user should exist in the FIM Sync server and APP DB?
What is the meaning of the error?
Thanks in Adavance!!!!!!
Friday, December 14, 2012 7:43 AM
Any detail error about the request in fim portal and eventlog?
Tracy | Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Friday, December 14, 2012 12:56 PM
This usually indicates that the account used for the Active Directory MA doesn't have permissions enough to set the new password for the user.
If I remember correctly you need at least the following:
- Reset Password
- Change Password
- Read userAccountControl
- Write userAccountControl
- Read lockoutTime
- Write lockoutTime
How to set this is described in detail in the FIM 2010 SSPR Deployment Guide.
--- Jesper Lönnqvist, Identity Architect http://addition-it.se
- Proposed As Answer by Piotr PaczochaMicrosoft Employee Saturday, December 15, 2012 7:45 AM
Monday, December 17, 2012 2:47 PM
But iam not using ADMA. We are using VIS MA for SSPR. VIS is like virtual identity server to connect multiple forestes in AD. We enabled Password reset check box in VIS MA. Still we are unable to set the the password for the user.
Could you please let me know where we can set permissions.