Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2015-03-12) Resolving The "Policy Violation" Error With FIM SSPR

Posted by Jorge on 2015-03-12

You may be testing SSPR or a user may actually be using it to reset its own password and the following error is presented.


Figure 1: The Password Does Not Comply With Your Organization’s Password Policies

When you look in the Forefront Identity Manager Event Log you will see the following event ID 3


Figure 2: The Password Reset Activity In The Password Reset Action Workflow Failed Due To A Policy Violation

PWReset Activity’s MIIS Password Set call failed because of a policy violation.

…And you will also see the following error, which does not tell you anything


Figure 3: Service Fault Exception – DataRequiredFaultReason

The web portal received a fault error from the FIM service.
Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: DataRequiredFaultReason
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
Web Portal: FIM Password Reset Portal
Session Id: xlei5mqvkukke145sjxbu355
IP Address:

A password policy consists of the following policy settings:

  1. Enforce password history X passwords remembered
  2. Maximum password age X days
  3. Minimum password age X days
  4. Minimum password length X characters
  5. Password must meet complexity requirements Disabled
  6. Store passwords using reversible encryption

A password change will always enforce all policy settings, except policy setting [2] (The maximum password age is what actually triggers the password change)

A regular password reset or a password reset through FIM SSPR while policy enforcement is disabled will by default enforce all policy settings, except the policy settings [2], [1] and [3]. When policy enforcement is enabled as specified in "FIM 2010 Self Service Password Reset now supports Enforcement of all domain password policies", it will also enforce policy setting [1] and [3], and therefore the password reset will behave like a password change. Be aware of that!

* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
############### Jorge’s Quest For Knowledge #############
######### ########


3 Responses to “(2015-03-12) Resolving The "Policy Violation" Error With FIM SSPR”

  1. Sarteel said

    Maybe I missed something but I’m still have the issue – it is not clear in your post how to solve it, it is for me impossible to use the password change functionality. I have a Windows 2012 DC (not Windows 2008) and FIM 2010 R2


  2. Mark said

    What is the actual fix?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: