Azure AD B2C User Flow - Reset password - Strange behaviour when trying to login with temporary password

Sertac Yilmaz 1 Reputation point
2021-08-12T15:56:24.18+00:00

Hi,
I created a Sign In type User Flow and both "Self-service password reset" and "Forced password reset" options are enabled.

From the Azure AD B2C portal, I reset a user's password, and the portal generates a temporary password.
When the user tries to sign in, he is redirected to the Update Expired page.

So until now everything is fine, as expected.

What I did was this: I used the temporary password for all three fields (Password, New Password and Confirm New Password), submitted the form, and got an error, as I expected. However, when I try to submit the same form despite the error, after 5 attempts I get the error message below, and with the new session, if I try to log in with the old password, I am able to log in successfully.

AADB2C90157: User has exceeded the maximum number for retries for a self-asserted step.
Correlation ID: XXXX
Timestamp: 2021-08-12 15:42:32Z

Steps to reproduce
1- Reset the user's password from Azure AD B2C
2- Use the temporary password as the new password (also in the confirm new password field)
3- Click Continue in order to submit
4- Repeat step 3 at least 5 times until you get the error message AADB2C90157
5- Then open the login page again and use the email and temporary password

Is this expected behaviour? What should I do in order to avoid this situation?

Thanks in advance.


2 answers

  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2021-08-13T19:53:22.183+00:00

    Hi @Sertac Yilmaz, you're only supposed to put the temporary password in the "password" section. You then have to create a new unique password for the user in the other boxes. This is resetting the password to something new. Please let me know if you have any questions.

    If this answer helped you please mark it as "Verified" so other users may reference it.

    Thank you,
    James


  2. Sertac Yilmaz 1 Reputation point
    2021-08-16T08:32:30.313+00:00

    @James Hamil thank you for your reply. I understand that the user is supposed to put the temporary password only where it is supposed to be put. But verification fails if he does not do what is not supposed to do. In my opinion, this can be a good improvement. Verification should be maintained, it should not fail, it should not accept the temporary one after x attempts, which is what is currently happening.

    Thank you.

