Hi All,
I have implemented the Password Reset portal in my test environment. Password reset is working fine, but it accepts the old password. FIM password reset is not checking the password history of the user.
Other password policy checks are working (for example, the password length check is working).
Kindly help me.
My Test environment:
Server 1: Roles- Domain controller, Certificate Authority, Exchange [Win 2008 R2 SP1]
Server 2: FIM Sync, Service, Portal, Password registration & Reset portal. [FIM 2010 R2 SP1]
- My password reset portal is not using SSL.
- I have imported the root CA certificate into the trusted certificate list of the FIM Sync server.
- Domain Controller (Server1) has Domain Controller server Certificate.
- My MA name is AD MA
- I have created the registry entry: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMSynchronizationService\PerMAInstance\AD MA] "ADMAEnforcePasswordPolicy"=dword:00000001
- I have tested LDAP over SSL using ldp.exe as mentioned in the link http://support.microsoft.com/kb/2443871
Result:
ld = ldap_sslinit("company.fimcompany.com", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 0 = ldap_connect(hLdap, NULL);
Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
Host supports SSL, SSL cipher strength = 128 bits
Established connection to company.fimcompany.com.
Retrieving base DSA information...
Getting 1 entries:
Dn: (RootDSE)
configurationNamingContext: CN=Configuration,DC=fimcompany,DC=com;
currentTime: 6/20/2013 10:19:48 AM India Standard Time;
defaultNamingContext: DC=fimcompany,DC=com;
dnsHostName: Company.fimcompany.com;
domainControllerFunctionality: 4 = ( WIN2008R2 );
domainFunctionality: 4 = ( WIN2008R2 );
dsServiceName: CN=NTDS Settings,CN=COMPANY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fimcompany,DC=com;
forestFunctionality: 4 = ( WIN2008R2 );
highestCommittedUSN: 180333;
isGlobalCatalogReady: TRUE;
isSynchronized: TRUE;
ldapServiceName: fimcompany.com:company$@FIMCOMPANY.COM;
namingContexts (5): DC=fimcompany,DC=com; CN=Configuration,DC=fimcompany,DC=com; CN=Schema,CN=Configuration,DC=fimcompany,DC=com; DC=DomainDnsZones,DC=fimcompany,DC=com; DC=ForestDnsZones,DC=fimcompany,DC=com;
rootDomainNamingContext: DC=fimcompany,DC=com;
schemaNamingContext: CN=Schema,CN=Configuration,DC=fimcompany,DC=com;
serverName: CN=COMPANY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fimcompany,DC=com;
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=fimcompany,DC=com;
supportedCapabilities (5): 1.2.840.113556.1.4.800 = ( ACTIVE_DIRECTORY ); 1.2.840.113556.1.4.1670 = ( ACTIVE_DIRECTORY_V51 ); 1.2.840.113556.1.4.1791 = ( ACTIVE_DIRECTORY_LDAP_INTEG ); 1.2.840.113556.1.4.1935 = ( ACTIVE_DIRECTORY_V61 ); 1.2.840.113556.1.4.2080;
supportedControl (29): 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.2.840.113556.1.4.801 = ( SD_FLAGS ); 1.2.840.113556.1.4.473 = ( SORT ); 1.2.840.113556.1.4.528 = ( NOTIFICATION ); 1.2.840.113556.1.4.417 = ( SHOW_DELETED ); 1.2.840.113556.1.4.619 = ( LAZY_COMMIT ); 1.2.840.113556.1.4.841 = ( DIRSYNC ); 1.2.840.113556.1.4.529 = ( EXTENDED_DN ); 1.2.840.113556.1.4.805 = ( TREE_DELETE ); 1.2.840.113556.1.4.521 = ( CROSSDOM_MOVE_TARGET ); 1.2.840.113556.1.4.970 = ( GET_STATS ); 1.2.840.113556.1.4.1338 = ( VERIFY_NAME ); 1.2.840.113556.1.4.474 = ( RESP_SORT ); 1.2.840.113556.1.4.1339 = ( DOMAIN_SCOPE ); 1.2.840.113556.1.4.1340 = ( SEARCH_OPTIONS ); 1.2.840.113556.1.4.1413 = ( PERMISSIVE_MODIFY ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST ); 2.16.840.1.113730.3.4.10 = ( VLVRESPONSE ); 1.2.840.113556.1.4.1504 = ( ASQ ); 1.2.840.113556.1.4.1852 = ( QUOTA_CONTROL ); 1.2.840.113556.1.4.802 = ( RANGE_OPTION ); 1.2.840.113556.1.4.1907 = ( SHUTDOWN_NOTIFY ); 1.2.840.113556.1.4.1948 = ( RANGE_RETRIEVAL_NOERR ); 1.2.840.113556.1.4.1974 = ( FORCE_UPDATE ); 1.2.840.113556.1.4.1341 = ( RODC_DCPROMO ); 1.2.840.113556.1.4.2026 = ( DN_INPUT ); 1.2.840.113556.1.4.2064 = ( SHOW_RECYCLED ); 1.2.840.113556.1.4.2065 = ( SHOW_DEACTIVATED_LINK ); 1.2.840.113556.1.4.2066 = ( POLICY_HINTS );
supportedLDAPPolicies (14): MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MinResultSets; MaxResultSetsPerConn; MaxNotificationPerConn; MaxValRange;
supportedLDAPVersion (2): 3; 2;
supportedSASLMechanisms (4): GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
Enayathulla.S
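An added diagnostic script (not the poster's and not part of FIM) that checks, on the FIM Sync server, the three prerequisites the post describes: the per-MA registry value, the domain's own password history setting, and the LDAPS handshake to the DC. It assumes PowerShell with the RSAT ActiveDirectory module, the MA name "AD MA" and the DC name company.fimcompany.com from the post.

```powershell
# Added example, not from the original post. Assumes: run on the FIM Sync
# server, ActiveDirectory module available, MA named "AD MA", DC name as in
# the post. Adjust the two parameters for another environment.
param(
    [string]$MaName = 'AD MA',
    [string]$DcHost = 'company.fimcompany.com'
)

# 1. The per-MA registry value that makes the AD MA enforce the domain
#    password policy on reset (the KB linked in the post). The sync service
#    reads it at start-up, so it must be set before the last service restart.
$keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\PerMAInstance\$MaName"
$entry = Get-ItemProperty -Path $keyPath -Name ADMAEnforcePasswordPolicy -ErrorAction SilentlyContinue
if ($entry -and $entry.ADMAEnforcePasswordPolicy -eq 1) {
    "OK: ADMAEnforcePasswordPolicy = 1 under $keyPath"
} else {
    "MISSING: ADMAEnforcePasswordPolicy is not 1 under $keyPath"
}

# 2. History can only be enforced if the domain policy actually keeps one;
#    a PasswordHistoryCount of 0 lets the old password through regardless of FIM.
Import-Module ActiveDirectory
$policy = Get-ADDefaultDomainPasswordPolicy
"Domain policy: PasswordHistoryCount = $($policy.PasswordHistoryCount), MinPasswordLength = $($policy.MinPasswordLength)"
if ($policy.PasswordHistoryCount -eq 0) { "WARN: domain policy keeps no password history" }

# 3. LDAPS handshake on 636 with the server certificate validated against the
#    machine's trusted roots, i.e. the chain the sync service must also trust.
$tcp = New-Object System.Net.Sockets.TcpClient($DcHost, 636)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($DcHost)
    "OK: LDAPS $($ssl.SslProtocol), cipher $($ssl.CipherAlgorithm) $($ssl.CipherStrength) bits"
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "Server cert: $($cert.Subject), issued by $($cert.Issuer), expires $($cert.NotAfter)"
} catch {
    "FAIL: LDAPS handshake to ${DcHost}:636 failed: $($_.Exception.Message)"
} finally {
    $ssl.Dispose()
    $tcp.Close()
}
```

If step 3 fails with a chain or name error, the sync service will not be able to use LDAPS either, and the policy flag in step 1 cannot take effect.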