OVERVIEW
Attempting to reset a password via Self-Service Password Reset (SSPR) feature of FIM 2010 R2, we receive an error 3000 and are not able to reset the password. In review of the Application Event Log we can see the following "Access Denied" message.
APPLICATION EVENT LOG
mscorlib: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at Microsoft.ResourceManagement.PasswordReset.ResetPassword.ResetPasswordHelper(String domainName, String userName, String newPasswordText)
FIM SERVICE TRACE LOG
WQL:SELECT * FROM MIIS_CSObject WHERE (Domain='DOM' AND Account='user1') or (FullyQualifiedDomain='DOM' AND Account=' user1') or (Domain='DOM' AND UserPrincipalName='user1') or (FullyQualifiedDomain='DOM' AND UserPrincipalName='user1')
CAUSE
From the WQL statement, we can see that we are accessing SQL Server. In this case we were using a SQL Server Alias to connect to the backend SQL Server. The SQL Server Alias was configured incorrectly.
RESOLUTION
Fixed the SQL Server Alias to reference the correct SQL Server