"The OIM server rejected the setPasswordRequest" Windows Event Log Message and IAM-3030006 OIM Error Appear When Synchronizing User Password by AD Password Synchronization, Due to Password History Policy (Doc ID 2148401.1)

Last updated on JUNE 12, 2016

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Identity Manager Connector - Version 9.1.1.5 and later
Information in this document applies to any platform.

Symptoms

User password changes are synchronized from Microsoft Active Directory (AD) to Oracle Identity Manager (OIM) by AD Password Synchronization, which is one of the Oracle Identity Manager Connectors.
The following warning and error messages appear when an AD user password is updated.

Windows Event log (Application Log):

* USERNAME and NN above vary depending on the environment or situation.

By default, each message appears 7 times per password update, even when the solution in <Document 1273404.1> is applied.
<Document 1273404.1> How To Prevent Looping With AD Password Sync Connector

Changes

The scenario is as follows.

- OIM users are provisioned to AD by the AD User Management Connector.
- AD user passwords are synchronized to OIM by AD Password Synchronization.
- A password history policy is set in both OIM and AD. For example, users are not allowed to reuse their past 5 passwords.

Cause
