This post covers one of two reasons that the FIM Service fails to reset a password and throws the error PWReset Activity could not connect to the directory. The other issue is described here.
A user of Forefront Identity Manager (FIM) 2010 or FIM 2010 R2 self-service password reset (SSPR) successfully authenticates through the question-and-answer gate, enters a new password, and then fails to reset it, receiving the generic error “An error occurred when attempting to reset password, please try again”.
On inspection of the Forefront Identity Manager log in Event Viewer, event ID 3 from source Microsoft.ResourceManagement.Service has been recorded with the description “PWReset Activity could not connect to the directory”.
The password reset action workflow (WF) communicated with the FIM Synchronization Service, but the password set operation failed. The reason: the Active Directory Management Agent (ADMA) is configured to run in a separate process. See the screenshot below. The checkbox at the bottom of the MA's properties page, “Run this management agent in a separate process”, must not be selected.
When an ADMA is configured to run in a separate process, the password reset activity cannot set the password.
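To confirm the symptom before opening the MA properties, the following PowerShell (an added example, not part of the original post) pulls the exact event the post describes from the Forefront Identity Manager log on the FIM Service host. It assumes it is run with administrator rights; the log name, provider and event ID are those named above, and the function name is an invented one.

```powershell
# Added example (not from the original post): look for the SSPR failure signature
# described above in the Forefront Identity Manager event log, so an operator can
# confirm the symptom before checking the ADMA "separate process" setting.
# Assumptions: run as an administrator on the FIM Service host; the log name,
# provider and event ID are those the post names.
function Get-FimPwResetDirectoryErrors {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1)
    )
    $filter = @{
        LogName      = 'Forefront Identity Manager'
        ProviderName = 'Microsoft.ResourceManagement.Service'
        Id           = 3
        StartTime    = $Since
    }
    # Get-WinEvent throws when nothing matches, so suppress that and return an empty set.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    $events |
        Where-Object { $_.Message -like '*PWReset Activity could not connect to the directory*' } |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

$hits = @(Get-FimPwResetDirectoryErrors)
if ($hits.Count -eq 0) {
    Write-Host "No 'PWReset Activity could not connect to the directory' events in the last day."
} else {
    Write-Host "$($hits.Count) matching event(s). In Synchronization Service Manager, open each Active Directory MA:"
    Write-Host "  Properties -> 'Run this management agent in a separate process' must be cleared."
    $hits | Format-Table -AutoSize
}
```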
