Getting error when trying to reset password using SSPR

Priyavert Sharma 136 Reputation points
2021-04-22T00:20:10.023+00:00

Hello Experts,

I am receiving an error when trying to reset a password using SSPR. Did anyone experience this issue, and is there any suggestion to fix it?

TrackingId: 96c98dc4-51a9-465a-9f49-513683aa5881, Reason: Synchronization Engine returned an error hr=8023062C, message=The password could not be set because the server is not configured for insecure setting of passwords, or a 128 bit TLS or SSL connection is required., Context: cloudAnchor: User_46ddacdd-15de-4ac7-ad52-16dfa58bda04, SourceAnchorValue: 4nN1w5b2jkq110hFAPlaXg==, UserPrincipalName: U1@keyman .com, Details: Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException: Synchronization Engine returned an error hr=8023062C, message=The password could not be set because the server is not configured for insecure setting of passwords, or a 128 bit TLS or SSL connection is required.
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ChangePassword(String cloudAnchor, String sourceAnchor, String oldPassword, String newPassword)
at Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ChangePassword(String changePasswordXMLRequestString)

Thanks!!!

Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,556 Reputation points
    2021-04-22T08:49:52.54+00:00

    Hi @Priyavert Sharma · Thank you for reaching out.

    This error usually occurs if "Sign and Encrypt LDAP Traffic" is disabled in Azure AD Connect. To resolve this issue, please make sure "Sign and Encrypt LDAP Traffic" is enabled at all places mentioned below:

    • Connectors > AD Connector > Properties > Connect to Active Directory Forest > Options


    • Connectors > AD Connector > Properties > Configure Directory Partitions > Select a directory partition > Options (under Domain Controller connection settings)


    • Connectors > AD Connector > Properties > Configure Directory Partitions > Select a directory partition > Set Credentials (only when Alternate credentials for this directory partition is selected) > Options


    Once "Sign and Encrypt LDAP Traffic" is enabled as mentioned above, restart the ADSync service and the issue should be resolved.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
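The error in the question packs its fields into one comma-separated line whose message text itself contains commas, and the answer ties hr=8023062C to the "Sign and Encrypt LDAP Traffic" setting. The following is an added example, not code from this thread or from Microsoft: a small triage script that parses such lines and groups affected users by hr code. The sample events, the `_event` helper and the `FFFFFFFF` code are constructed for illustration.

```python
import re
from collections import defaultdict

# Field labels as they appear in the error text quoted in the question.
LABEL = re.compile(r"\b(TrackingId|Reason|Context|cloudAnchor|SourceAnchorValue"
                   r"|UserPrincipalName|Details):\s*")
HR = re.compile(r"\bhr=([0-9A-Fa-f]{8})\b")

# hr code -> remediation. The one entry is taken from the accepted answer.
KNOWN_HR = {"8023062C": 'Enable "Sign and Encrypt LDAP Traffic" on the AD '
                        "Connector (all three places), then restart ADSync"}

def parse_event(text):
    """Split on label positions, not commas: the message contains commas."""
    marks = list(LABEL.finditer(text))
    fields = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        fields.setdefault(m.group(1), text[m.end():end].strip(" ,\n"))
    hr = HR.search(fields.get("Reason", text))
    fields["hr"] = hr.group(1).upper() if hr else None
    return fields

def triage(lines):
    """Group affected users by hr code and attach the known fix, if any."""
    users = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev["hr"]:
            users[ev["hr"]].add(ev.get("UserPrincipalName", "?"))
    return {hr: {"users": sorted(u), "fix": KNOWN_HR.get(hr, "unknown, investigate")}
            for hr, u in users.items()}

# Constructed sample events modelled on the question's error; IDs, anchors and
# UPNs are made up, and hr=FFFFFFFF is a placeholder, not a real error code.
MSG = ("The password could not be set because the server is not configured for "
       "insecure setting of passwords, or a 128 bit TLS or SSL connection is required.")
def _event(n, upn, hr, msg):
    return (f"TrackingId: 00000000-0000-0000-0000-00000000000{n}, Reason: "
            f"Synchronization Engine returned an error hr={hr}, message={msg}, "
            f"Context: cloudAnchor: User_{n}, SourceAnchorValue: AAAA{n}==, "
            f"UserPrincipalName: {upn}, Details: (stack trace omitted)")
SAMPLE = [_event(1, "alice@example.com", "8023062C", MSG),
          _event(2, "bob@example.com", "8023062C", MSG),
          _event(3, "carol@example.com", "FFFFFFFF", "constructed other failure")]

if __name__ == "__main__":
    for hr, info in triage(SAMPLE).items():
        print(hr, info["users"], "->", info["fix"])
```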


1 additional answer

  1. Priyavert Sharma 136 Reputation points
    2021-04-22T16:47:27.167+00:00

    Wow... Thanks @AmanpreetSingh-MSFT .. you Rock man..

    I have had a ticket open with Microsoft for 3 weeks, and they could not figure it out and kept pointing to an issue within the on-premises AD environment.

    Thanks for sharing the solution. It worked for me. Really appreciate your help. Thanks!!!!
