none
The server encountered an error while attempting to perform a set/change password operation. RRS feed

  • General discussion

  • Hi,

    I have configured the FIM 2010 R2 password Reset , during the password reset, user can able to reply for challenge question and after that its throws error

    AD Management agent has required permission for resetting the password.

    FIM Service account is the member of FIMBrowser and FIM PasswordReset.

    WMI and COM permission are given for FIMService account.

    All MPRS are enable for Password Reset.

    In Event Viewer i am getting different access denied error

    The server encountered an error while attempting to perform a set/change password operation.

    "BAIL: MMS(3788): d:\bt\800\private\source\miis\server\server\ma.cpp(8166): 0x80070005 (Access is denied.)

    Forefront Identity Manager 4.1.3419.0"

    The server encountered an error while attempting to perform a set/change password operation.

    "BAIL: MMS(5848): d:\bt\800\private\source\miis\server\server\ma.cpp(8166): 0x80070005 (Access is denied.)

    Forefront Identity Manager 4.1.3419.0

    The server encountered an unexpected error while performing an operation for the client.

    "BAIL: MMS(6112): d:\bt\800\private\source\miis\server\server\server.cpp(8080): 0x80070005 (Access is denied.)

    Forefront Identity Manager 4.1.3419.0"

    The server encountered an error while attempting to perform a set/change password operation.

    "BAIL: MMS(1676): d:\bt\800\private\source\miis\server\server\ma.cpp(8166): 0x80070005 (Access is denied.)

    Forefront Identity Manager 4.1.3419.0"

    IN FIM Portal User Account which try to reset the password got postprocessing error!..

    Thanks,

    Sridhar

    Tuesday, March 26, 2013 12:56 PM

All replies

  • After changing group membership for FIM Service account and rights have you restarted the service?

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Tuesday, March 26, 2013 11:44 PM
  • yes I have restarted the service ,but still i am getting this error.

    Regards,

    Sridhar

    Wednesday, March 27, 2013 5:59 AM
  • Are rights to reset a password on a users delegated in AD? 

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Wednesday, March 27, 2013 8:57 AM
  • Hi Tomasz,

    Below permission is given for AD management agent

    • Read userAccountControl = Allow
    • Write userAccountControl=Allow
    • Read lockoutTime = Allow
    • Write lockoutTime = Allow
  • Apply the following permissions under the Object tab:

    • Reset password = Allow
    • Change password = Allow
    • Grant Replicating Directory Changes permissions

    • Apart from this we need anyother permission!..

    • Regards,

    • Sridhar

Wednesday, March 27, 2013 9:08 AM
  • Yes Tomek, AD management agent has all the permission as per Password Reset document

    Wednesday, March 27, 2013 11:25 AM
  • try to update the AD MA credential

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Thursday, March 28, 2013 1:53 AM