Hello @DenJS ,
I am just wondering if you verified what ADMA account has the necessary permissions for password writeback.
Source: Common password writeback errors
Sincerely,
Olga Os
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi there,
I'm really stuck with SSPR not working. Followed all guides and troubleshooting articles. My last attempt was to added MSOL_ account to Domain Admins and also configuring Network Access Policy (SAM) to allow that MSOL_ account access to SAM database. Nothing helped.
Still getting this on a DC controller where AADC is installed:
An unexpected error has occurred during a password set operation.
"ERR_: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMADoNormalization', 0x2
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveUserDelete', 0x2
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveComputerDelete', 0x2
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_: MMS(7224): admaexport.cpp(2944): Failed to acquire user information: DOMAIN.LOCAL\MSOL_d2e930321643. Error Code: ERROR_ACCESS_DENIED
BAIL: MMS(7224): admaexport.cpp(2979): 0x80230626 (The password could not be updated because the management agent credentials were denied access.)
BAIL: MMS(7224): admaexport.cpp(3312): 0x80230626 (The password could not be updated because the management agent credentials were denied access.)
ERR_: MMS(7224): ..\ma.cpp(8256): ExportPasswordSet failed with 0x80230626
Azure AD Sync 2.1.16.0"
At the same time, I can successfully reset passwords through office.com->my account->change password.
And when I do that I also see logs on the DC where AD Sync runs:
Password Change Result - Anchor : Jkxn20bYFmkINUw==, Dn : CN=Test User,DC=DOMAIN,DC=local, PwdChangeOnLogon=False, Result : Success.
I'm presuming password write-back works fine then?
Any help with fixing SSPR part would be much appreciated.
Thank you.
Hello @DenJS ,
I am just wondering if you verified what ADMA account has the necessary permissions for password writeback.
Source: Common password writeback errors
Sincerely,
Olga Os
Hi there,
yes, verified that multiple times, also like I said I made the MSOL_ account a member of a Domain Admins group, also made a test OU where I dropped my test account and I gave full access to the MSOL_ account on that OU, waited for two days tried again - same sameness, doesn't SSPR work, password reset from office.com/profile does work.
Thanks.