self-service password reset

Question

self-service password reset

Eric VILLARS 65

Hi,

I have this problem on client side when they change password with self service password:

User's image

When I look in the event viewer on my server hosting ad connect, I get the following errors:

User's image

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="PasswordResetService" /> 
  <EventID Qualifiers="0">33001</EventID> 
  <Level>2</Level> 
  <Task>0</Task> 
  <Keywords>0x80000000000000</Keywords> 
  <TimeCreated SystemTime="2023-12-28T14:51:48.931300600Z" /> 
  <EventRecordID>10860150</EventRecordID> 
  <Channel>Application</Channel> 
  <Computer>XXXX</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data>TrackingId: f04995e0-79ff-4d0f-9be2-4a2058b269bd, Reason: Synchronization Engine returned an error hr=80072095, message=Une erreur de service d’annuaire s’est produite., Context: cloudAnchor: User_0f44d022-074d-4a91-91e8-16d8713a75a8, SourceAnchorValue: rkr+Ox40jkaEFPB0n7jqsA==, UserPrincipalName: XXXX, Details: Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException: Synchronization Engine returned an error hr=80072095, message=Une erreur de service d’annuaire s’est produite. à AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr) à AADPasswordReset.SynchronizationEngineManagedHandle.ChangePassword(String cloudAnchor, String sourceAnchor, String oldPassword, String newPassword) à Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ChangePassword(String changePasswordXMLRequestString)</Data> 
  </EventData>
  </Event>

And

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="ADSync" /> 
  <EventID Qualifiers="49152">6329</EventID> 
  <Level>2</Level> 
  <Task>3</Task> 
  <Keywords>0x80000000000000</Keywords> 
  <TimeCreated SystemTime="2023-12-28T14:41:54.773764600Z" /> 
  <EventRecordID>10860134</EventRecordID> 
  <Channel>Application</Channel> 
  <Computer>XXXX</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data>ERR_: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMADoNormalization', 0x2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (Le fichier spécifié est introuvable.): Win32 API failure: 2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (Le fichier spécifié est introuvable.) ERR_: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveUserDelete', 0x2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (Le fichier spécifié est introuvable.): Win32 API failure: 2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (Le fichier spécifié est introuvable.) ERR_: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveComputerDelete', 0x2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (Le fichier spécifié est introuvable.): Win32 API failure: 2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (Le fichier spécifié est introuvable.) ERR_: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'PasswordChangeAccessCheckLegacy', 0x2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (Le fichier spécifié est introuvable.): Win32 API failure: 2 BAIL: MMS(7952): C:\__w\1\s\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (Le fichier spécifié est introuvable.) BAIL: MMS(7952): ..\session.cpp(940): 0x80072095 (Une erreur de service d’annuaire s’est produite.): Cannot change password unknown error occurred: Server Error 0x202b Ldap Error 0xa BAIL: MMS(7952): ..\session.cpp(750): 0x80072095 (Une erreur de service d’annuaire s’est produite.) BAIL: MMS(7952): admaexport.cpp(2852): 0x80072095 (Une erreur de service d’annuaire s’est produite.) ERR_: MMS(7952): admaexport.cpp(2859): Failed to set the password using LDAP password policy control. BAIL: MMS(7952): admaexport.cpp(3440): 0x80072095 (Une erreur de service d’annuaire s’est produite.) ERR_: MMS(7952): ..\ma.cpp(8256): ExportPasswordSet failed with 0x80072095 Azure AD Sync 2.2.1.0</Data> 
  </EventData>
  </Event>

Version of Azure Sync:

Azure AD Sync 2.2.1.0

Do you have any idea to resolve this error?

Best regards,

Eric

Ravi Kanth Koppala 3,396 Reputation points Microsoft Employee Moderator

2023-12-28T16:40:31.8566667+00:00
@Eric VILLARS
The error message "Synchronization Engine returned an error hr=80072095, message=Une erreur de service d’annuaire s’est produite" in the event viewer indicates that there was an error with the directory service. This error can occur if the password synchronization is disabled after it is set up in the Azure Active Directory Sync appliance. To resolve this issue, enable password synchronization by running the Azure Active Directory Sync Configuration Wizard and selecting the "Enable Password Synchronization" checkbox on the Password Synchronization page. This will finish the password synchronization setup and start a full sync.

The error message "Cannot change password unknown error occurred: Server Error 0x202b Ldap Error 0xa" indicates that there was an error changing the password. This error can occur if there is an issue with the LDAP password policy control. To resolve this issue, make sure that the "Sign and Encrypt LDAP Traffic" setting is enabled in three places within Synchronization Service Manager. Please follow the steps provided in the "Troubleshoot error code 8023062C: Insecure password reset or change" article in the "Solution" section.

References:

How to troubleshoot password synchronization when using an Azure AD sync appliance

Troubleshoot error code 8023062C: Insecure password reset or change

AI Note: The answer is generated using the Microsoft Q&A AI Assist.
Eric VILLARS 65 Reputation points

2023-12-29T08:17:20.7333333+00:00

@Ravi Kanth Koppala

Tks for your answer. I will try your solution after my hollydays.

Your answer

Ravi Kanth Koppala 3,396 Reputation points Microsoft Employee Moderator

2023-12-28T16:40:31.8566667+00:00

@Eric VILLARS
The error message "Synchronization Engine returned an error hr=80072095, message=Une erreur de service d’annuaire s’est produite" in the event viewer indicates that there was an error with the directory service. This error can occur if the password synchronization is disabled after it is set up in the Azure Active Directory Sync appliance. To resolve this issue, enable password synchronization by running the Azure Active Directory Sync Configuration Wizard and selecting the "Enable Password Synchronization" checkbox on the Password Synchronization page. This will finish the password synchronization setup and start a full sync.

The error message "Cannot change password unknown error occurred: Server Error 0x202b Ldap Error 0xa" indicates that there was an error changing the password. This error can occur if there is an issue with the LDAP password policy control. To resolve this issue, make sure that the "Sign and Encrypt LDAP Traffic" setting is enabled in three places within Synchronization Service Manager. Please follow the steps provided in the "Troubleshoot error code 8023062C: Insecure password reset or change" article in the "Solution" section.

References:

How to troubleshoot password synchronization when using an Azure AD sync appliance

Troubleshoot error code 8023062C: Insecure password reset or change

AI Note: The answer is generated using the Microsoft Q&A AI Assist.
Eric VILLARS 65 Reputation points

2023-12-29T08:17:20.7333333+00:00

@Ravi Kanth Koppala

Tks for your answer. I will try your solution after my hollydays.

Share via

self-service password reset

Your answer