A gate plugin exception was encountered while running the Password Reset application

Scenario

You attempt to invoke the self-service password reset (SSPR) process and get the error:

A gate plugin exception was encountered while running the Password Reset application.
Error Text: An error occurred while calling SetDisplaySettings.
Error Code: 50001.

A screenshot is below.

Alternatively you attempt to register for self-service password reset and you get a generic error:

An error was encountered. Please call helpdesk or your system administrator for further assistance.

A screenshot is below.

If you look at the FIM Password Reset client trace file (assuming you’ve enabled it) you’ll see this error:

PwdMgmtProxy: Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The registration workflow did not start. The FIM Service is not properly configured. 
 at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.StartRegistration() 

Followed closely by this:

PwdMgmtProxy: Microsoft.IdentityManagement.PasswordReset.Utilities.UserFailureException: An unexpected error has occurred. Please contact helpdesk or your administrator. 
 at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.WriteGetNGateMsg(ClientPipeContext& client) 
 at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.Register(ClientPipeContext& client) 
 at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.PipeCommunicationThread(Object context) 

More information

The first error “The registration workflow did not start. The FIM Service is not properly configured.” occurs when the requestor is not a member of the All Active People set. The out-of-box (OOB) management policy rule (MPR): “General workflow: Registration initiation for authentication activity” has the All Active People set configured as the Resource Current Set and Resource Final Set. If the requestor is not a member of this set the registration or reset process will fail.

Resolution

Ensure that all members of the Password Reset Users Set are also members of the All Active People set. You could change the resource current and resource final sets but this is an OOB MPR for SSPR so you’re likely better off ensuring consistency between the set of users that can access the registration process (Password Reset Users Set) and the set of users used by one of the core MPRs for the process.

Reference

Once again Anthony Ho’s expert assistance on the FIM forum resulted in me getting to the bottom of this error quickly.

Why did this happen to me?

This is why!   JJ.

Advertisements

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in FIM, FIM 2010, Self Service Password Reset, Troubleshooting and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s