This post covers one of two reasons the FIM Service fails to reset a password and throws the error “PWReset Activity could not connect to the directory”. The other issue is described here.
A user of Forefront Identity Manager 2010 Self-Service Password Reset successfully authenticates at the question and answer (Q&A) gate and inputs a new password, but the reset fails with the generic error “An error occurred when attempting to reset password, please try again”.
Upon inspection of the Forefront Identity Manager log in Event Viewer, the following error has been recorded:
Textually, that’s an event ID 3 from Microsoft.ResourceManagement with a description of “PWReset Activity could not connect to the directory”.
As the error suggests, the issue is that the entered password did not make it to the directory. Put another way, the call into MIIS_CSObject::SetPassword failed.
The reason? There might be several, e.g. an ADMA connectivity or authentication issue, but one sure reason is that the Enable password management option under Password management in the Configure Extensions page of your ADMA is not checked (see screenshot below).
We must enable password management to be able to utilise MIIS_CSObject::SetPassword, which is what the Password Reset Action Workflow calls.