Azure AD Connect SSPR doesn't work

DenJS 1 Reputation point
2022-09-30T01:23:32.747+00:00

Hi there,
I'm really stuck with SSPR not working. I followed all the guides and troubleshooting articles. My last attempt was to add the MSOL_ account to Domain Admins and also to configure the Network Access Policy (SAM) to allow that MSOL_ account access to the SAM database. Nothing helped.
Still getting this on the domain controller where AADC is installed:

An unexpected error has occurred during a password set operation.   
 "ERR_: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMADoNormalization', 0x2  
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2  
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)  
ERR_: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveUserDelete', 0x2  
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2  
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)  
ERR_: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveComputerDelete', 0x2  
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2  
BAIL: MMS(7224): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)  
ERR_: MMS(7224): admaexport.cpp(2944): Failed to acquire user information: DOMAIN.LOCAL\MSOL_d2e930321643. Error Code: ERROR_ACCESS_DENIED  
BAIL: MMS(7224): admaexport.cpp(2979): 0x80230626 (The password could not be updated because the management agent credentials were denied access.)  
BAIL: MMS(7224): admaexport.cpp(3312): 0x80230626 (The password could not be updated because the management agent credentials were denied access.)  
ERR_: MMS(7224): ..\ma.cpp(8256): ExportPasswordSet failed with 0x80230626  
Azure AD Sync 2.1.16.0"  
 

At the same time, I can successfully reset passwords through office.com->my account->change password.
And when I do that I also see logs on the DC where AD Sync runs:

Password Change Result - Anchor : Jkxn20bYFmkINUw==, Dn : CN=Test User,DC=DOMAIN,DC=local, PwdChangeOnLogon=False, Result : Success.  

I'm presuming password writeback works fine then?
Any help with fixing the SSPR part would be much appreciated.
Thank you.


2 answers

Sort by: Most helpful
  1. Olga Os - MSFT 5,831 Reputation points Microsoft Employee
    2022-09-30T04:11:14.793+00:00

    Hello @DenJS ,

    I am just wondering if you verified that the ADMA account has the necessary permissions for password writeback.

    [image: 246306-image.png]

    Source: Common password writeback errors

    Sincerely,
    Olga Os

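The permission check this answer asks for can be scripted rather than eyeballed in the ACL editor. The script below is an added example, not code from the thread or from Microsoft: it reads the effective ACL on one test user object (and on the domain root) and reports whether the AD DS Connector account, directly or through one of its groups, holds the rights password writeback needs: the "Reset Password" extended right, Write on pwdLastSet, Write on lockoutTime, and the "Unexpire Password" extended right on the domain root. The account name and the user DN are placeholders. GUIDs are resolved from the forest's own schema and Extended-Rights container instead of being hard-coded. It assumes the RSAT ActiveDirectory module and a caller who can read the ACLs.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original thread): audit the effective ACL on a
# test user and on the domain root for the rights Azure AD Connect password
# writeback needs. Account name and DN below are placeholders.
param(
    [string]$ConnectorSam = 'MSOL_d2e930321643',             # placeholder: AD DS Connector account
    [string]$TestUserDN   = 'CN=Test User,DC=DOMAIN,DC=local' # placeholder: a user that fails SSPR
)

Import-Module ActiveDirectory
$rootDse  = Get-ADRootDSE
$netbios  = (Get-ADDomain).NetBIOSName
$domainDN = $rootDse.defaultNamingContext

# Resolve attribute and extended-right GUIDs from this forest, not from a table.
function Get-SchemaGuid([string]$LdapDisplayName) {
    $o = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    [guid]$o.schemaIDGUID
}
function Get-RightGuid([string]$DisplayName) {
    $o = Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter "(displayName=$DisplayName)" -Properties rightsGuid
    [guid]$o.rightsGuid
}

# Identities that can carry the grant: the account itself or a domain group it
# belongs to (e.g. Domain Admins). BUILTIN groups show up under a different
# prefix in ACLs and are not matched here.
$principals  = @("$netbios\$ConnectorSam")
$principals += Get-ADPrincipalGroupMembership $ConnectorSam |
    ForEach-Object { "$netbios\$($_.SamAccountName)" }

# Return the first Allow ACE on $Acl that grants $Right on $ObjectType to one of
# $Identities. An all-zero ObjectType means the ACE covers every attribute/right
# (GenericAll or Full Control ends up here too).
function Test-Grant {
    param(
        [System.DirectoryServices.ActiveDirectorySecurity]$Acl,
        [string[]]$Identities,
        [System.DirectoryServices.ActiveDirectoryRights]$Right,
        [guid]$ObjectType
    )
    foreach ($ace in $Acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Identities -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.ActiveDirectoryRights -band $Right) -eq 0) { continue }
        if ($ace.ObjectType -ne [guid]::Empty -and $ace.ObjectType -ne $ObjectType) { continue }
        return $ace
    }
    return $null
}

# Get-Acl on the user object already includes the ACEs inherited from its OU,
# so this is the effective view, not just what was set on one container.
$userAcl = Get-Acl -Path "AD:\$TestUserDN"
$rootAcl = Get-Acl -Path "AD:\$domainDN"

$checks = @(
    @{ Name = 'Reset Password (extended right)';     Acl = $userAcl; Right = 'ExtendedRight'; Guid = (Get-RightGuid  'Reset Password') },
    @{ Name = 'Write pwdLastSet';                    Acl = $userAcl; Right = 'WriteProperty'; Guid = (Get-SchemaGuid 'pwdLastSet') },
    @{ Name = 'Write lockoutTime';                   Acl = $userAcl; Right = 'WriteProperty'; Guid = (Get-SchemaGuid 'lockoutTime') },
    @{ Name = 'Unexpire Password on domain root';    Acl = $rootAcl; Right = 'ExtendedRight'; Guid = (Get-RightGuid  'Unexpire Password') }
)

foreach ($c in $checks) {
    $ace = Test-Grant -Acl $c.Acl -Identities $principals -Right $c.Right -ObjectType $c.Guid
    if ($ace) { 'OK       {0,-36} via {1}' -f $c.Name, $ace.IdentityReference }
    else      { 'MISSING  {0}' -f $c.Name }
}
```

Run it on the DC that hosts the connector, pointing it at the exact user that fails SSPR. The script only looks for Allow entries; a Deny ACE on the same object for the account or one of its groups would still win and is worth checking by hand in the ACL editor if everything reports OK. If rights are missing, the documented way to grant them is the `Set-ADSyncPasswordWritebackPermissions` cmdlet from the ADSyncConfig module shipped with Azure AD Connect, run with `-ADConnectorAccountName` and `-ADConnectorAccountDomain`. Note also that the ERROR_ACCESS_DENIED line in the posted log ("Failed to acquire user information: DOMAIN.LOCAL\MSOL_...") names the connector account itself rather than the target user, so the OU permissions on the user are not necessarily the only thing standing between the connector and a successful reset.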

  2. DenJS 1 Reputation point
    2022-10-05T01:03:49.847+00:00

    Hi there,
    Yes, verified that multiple times. Also, like I said, I made the MSOL_ account a member of the Domain Admins group, and I also made a test OU where I dropped my test account and gave the MSOL_ account full access on that OU. Waited for two days and tried again: same sameness, SSPR doesn't work, password reset from office.com/profile does work.
    Thanks.
