Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Source: Attributes: Details: System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword() at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) CorrelationId: RequestId: ErrorCode: 3000
Enabling FIM Service tracing and reproducing the issue showed the FIM Service throwing an access denied error preceded by a WQL Query for the user attempting PW reset. The WQL Query looks something like
WQL:SELECT * FROM MIIS_CSObject WHERE (Domain='CONTOSO' AND Account='TestUser') or (FullyQualifiedDomain='CONTOSO' AND Account='TestUser') or (Domain='CONTOSO' AND UserPrincipalName='TestUser') or (FullyQualifiedDomain='CONTOSO' AND UserPrincipalName='TestUser')
Followed by an access denied error:
System.Management: System.Management.ManagementException: Access denied at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize() at System.Management.ManagementObjectSearcher.Get() at Microsoft.ResourceManagement.PasswordReset.ResetPassword.ResetPasswordHelper(String domainName, String userName, String newPasswordText)