question

RNDMaster-1939 asked RNDMaster-1939 commented

Getting error when trying to reset password using SSPR

Hello Experts,

I am receiving an error when trying to reset a password using SSPR. Has anyone experienced this issue, and is there any suggestion to fix it?

TrackingId: 96c98dc4-51a9-465a-9f49-513683aa5881, Reason: Synchronization Engine returned an error hr=8023062C, message=The password could not be set because the server is not configured for insecure setting of passwords, or a 128 bit TLS or SSL connection is required., Context: cloudAnchor: User_46ddacdd-15de-4ac7-ad52-16dfa58bda04, SourceAnchorValue: 4nN1w5b2jkq110hFAPlaXg==, UserPrincipalName: U1@domain.com, Details: Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException: Synchronization Engine returned an error hr=8023062C, message=The password could not be set because the server is not configured for insecure setting of passwords, or a 128 bit TLS or SSL connection is required.
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ChangePassword(String cloudAnchor, String sourceAnchor, String oldPassword, String newPassword)
at Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ChangePassword(String changePasswordXMLRequestString)

Thanks!!!

azure-ad-connect azure-ad-sspr

amanpreetsingh-msft answered amanpreetsingh-msft edited

Hi @RNDMaster-1939 · Thank you for reaching out.

This error usually occurs if "Sign and Encrypt LDAP Traffic" is disabled in Azure AD Connect. To resolve this issue, please make sure "Sign and Encrypt LDAP Traffic" is enabled at all places mentioned below:

  • Connectors > AD Connector > Properties > Connect to Active Directory Forest > Options

  • Connectors > AD Connector > Properties > Configure Directory Partitions > Select a directory partition > Options (under Domain Controller connection settings)

  • Connectors > AD Connector > Properties > Configure Directory Partitions > Select a directory partition > Set Credentials (only when Alternate credentials for this directory partition is selected) > Options

Once "Sign and Encrypt LDAP Traffic" is enabled as mentioned above, restart the ADSync service and the issue should be resolved.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
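
A triage helper for the error in this thread, added here as an example and not part of the original posts or of any Microsoft tooling: it pulls the tracking ID, HRESULT and user out of the writeback error text and decodes SourceAnchorValue into the on-premises GUID so the affected AD object can be located. The function names and the HINTS table are hypothetical, and the GUID decoding assumes the source anchor is objectGUID or ms-DS-ConsistencyGuid.

```python
import base64
import re
import uuid

# Hint keyed by sync-engine HRESULT; the one entry is the fix from the answer above.
HINTS = {"8023062C": 'Enable "Sign and Encrypt LDAP Traffic" on the AD Connector '
                     "in every place listed, then restart the ADSync service."}
FIELD_RE = re.compile(
    r"(TrackingId|cloudAnchor|SourceAnchorValue|UserPrincipalName):\s*([^,\s]+)")
HR_RE = re.compile(r"hr=([0-9A-Fa-f]{8}), message=(.*?), Context:", re.S)

# Error text from the question on this page, cut off before "Details:".
SAMPLE = (
    "TrackingId: 96c98dc4-51a9-465a-9f49-513683aa5881, Reason: Synchronization "
    "Engine returned an error hr=8023062C, message=The password could not be "
    "set because the server is not configured for insecure setting of "
    "passwords, or a 128 bit TLS or SSL connection is required., Context: "
    "cloudAnchor: User_46ddacdd-15de-4ac7-ad52-16dfa58bda04, SourceAnchorValue: "
    "4nN1w5b2jkq110hFAPlaXg==, UserPrincipalName: U1@domain.com"
)

def anchor_to_guid(source_anchor):
    """Decode a base64 source anchor to a GUID, or None if it is not 16 bytes.

    Assumption: the anchor is objectGUID or ms-DS-ConsistencyGuid, stored in
    Microsoft's mixed-endian byte layout (hence bytes_le).
    """
    try:
        raw = base64.b64decode(source_anchor, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return uuid.UUID(bytes_le=raw) if len(raw) == 16 else None

def triage(error_text):
    """Extract what an operator needs from one SSPR writeback error string."""
    fields = dict(FIELD_RE.findall(error_text))
    hr = HR_RE.search(error_text)
    code = hr.group(1).upper() if hr else None
    return {
        "tracking_id": fields.get("TrackingId"),
        "upn": fields.get("UserPrincipalName"),
        "cloud_anchor": fields.get("cloudAnchor"),
        "on_prem_guid": anchor_to_guid(fields.get("SourceAnchorValue", "")),
        "hresult": code,
        "message": hr.group(2).strip() if hr else None,
        "hint": HINTS.get(code, "No hint recorded for this HRESULT."),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The decoded GUID can be matched against the user's objectGUID in on-premises AD to confirm which account the failed reset targeted.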




RNDMaster-1939 answered RNDMaster-1939 commented

Wow... Thanks @amanpreetsingh-msft .. you Rock man..

I have had a ticket open with Microsoft for 3 weeks, and they could not figure it out and kept pointing to an issue within the on-premises AD environment.

Thanks for sharing the solution. It worked for me. Really appreciate your help. Thanks!!!!
