Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2015-03-12) Resolving The "Policy Violation" Error With FIM SSPR

Posted by Jorge on 2015-03-12


You may be testing SSPR, or a user may actually be using it to reset their own password, when the following error is presented.

Figure 1: The Password Does Not Comply With Your Organization’s Password Policies

When you look in the Forefront Identity Manager event log, you will see the following event with ID 3:

Figure 2: The Password Reset Activity In The Password Reset Action Workflow Failed Due To A Policy Violation

PWReset Activity’s MIIS Password Set call failed because of a policy violation.

You will also see the following error, which does not tell you anything:

Figure 3: Service Fault Exception – DataRequiredFaultReason

The web portal received a fault error from the FIM service.
Details:
Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: DataRequiredFaultReason
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
Web Portal: FIM Password Reset Portal
Session Id: xlei5mqvkukke145sjxbu355
IP Address: 10.1.1.32

A password policy consists of the following policy settings:

  1. Enforce password history: X passwords remembered
  2. Maximum password age: X days
  3. Minimum password age: X days
  4. Minimum password length: X characters
  5. Password must meet complexity requirements: Disabled
  6. Store passwords using reversible encryption

A password change will always enforce all policy settings except policy setting [2] (the maximum password age is what actually triggers the password change).

A regular password reset, or a password reset through FIM SSPR while policy enforcement is disabled, will by default enforce all policy settings except policy settings [1], [2] and [3]. When policy enforcement is enabled as specified in "FIM 2010 Self Service Password Reset now supports Enforcement of all domain password policies", it will also enforce policy settings [1] and [3], and the password reset will therefore behave like a password change. Be aware of that!
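
The enforcement rules above can be evaluated for an account before retesting SSPR. The PowerShell below is an added example, not code from the original post: the function Test-SsprResetPolicy, its parameters and the sample values are hypothetical, and it only evaluates setting [3] (minimum password age), since setting [1] (history) cannot be checked without the password itself.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
function Test-SsprResetPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateSet('Change', 'Reset', 'ResetEnforced')]
        [string]   $Operation,
        [Parameter(Mandatory)][timespan] $MinPasswordAge,        # policy setting [3]
        [Parameter(Mandatory)][int]      $PasswordHistoryCount,  # policy setting [1]
        [Parameter(Mandatory)][datetime] $PasswordLastSet,
        [datetime] $Now = (Get-Date)
    )

    # Per the post: [2] is never enforced; a plain reset also skips [1] and [3];
    # a change, or a reset with enforcement enabled, enforces both.
    $strict = $Operation -ne 'Reset'

    # Earliest moment at which the minimum password age no longer blocks the operation.
    $eligibleAt  = $PasswordLastSet + $MinPasswordAge
    $minAgeBlock = $strict -and ($Now -lt $eligibleAt)

    [pscustomobject]@{
        Operation         = $Operation
        HistoryEnforced   = $strict -and ($PasswordHistoryCount -gt 0)
        MinAgeEnforced    = $strict -and ($MinPasswordAge -gt [timespan]::Zero)
        BlockedByMinAge   = $minAgeBlock
        EarliestNextReset = if ($minAgeBlock) { $eligibleAt } else { $null }
    }
}

# Constructed sample values: a policy with a 1-day minimum age and 24 remembered
# passwords; the tester reset the password two hours before trying again.
$sample = @{
    MinPasswordAge       = New-TimeSpan -Days 1
    PasswordHistoryCount = 24
    PasswordLastSet      = [datetime]'2015-03-12T08:00:00'
    Now                  = [datetime]'2015-03-12T10:00:00'
}
'Change', 'Reset', 'ResetEnforced' |
    ForEach-Object { Test-SsprResetPolicy -Operation $_ @sample } |
    Format-Table -AutoSize

# Live values (assumes the ActiveDirectory module; 'jdoe' is a placeholder account):
# $p = Get-ADDefaultDomainPasswordPolicy
# $u = Get-ADUser -Identity 'jdoe' -Properties PasswordLastSet
# Test-SsprResetPolicy -Operation ResetEnforced -MinPasswordAge $p.MinPasswordAge `
#     -PasswordHistoryCount $p.PasswordHistoryCount -PasswordLastSet $u.PasswordLastSet
```

The live lookup reads the default domain policy only; an account covered by a fine-grained password policy would need Get-ADUserResultantPasswordPolicy instead.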

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

3 Responses to “(2015-03-12) Resolving The "Policy Violation" Error With FIM SSPR”

  1. Sarteel said

    Maybe I missed something but I’m still having the issue – it is not clear in your post how to solve it, it is for me impossible to use the password change functionality. I have a Windows 2012 DC (not Windows 2008) and FIM 2010 R2.

  2. Mark said

    What is the actual fix?
