A user goes to the SSPR reset portal. The questions are answered and the new password entered twice. The user receives the following error in the portal. Error while attempting to reset password.
NOTE: The password is actually reset in active directory.
Two variables contribute to this issue. One, an invalid (demoted, removed, etc.) domain controller must be configured in the AD MA as a preferred DC. The "only use preferred domain controllers" option need not be enabled. Secondly, the invalid DC needs a corresponding A (host) record in DNS. If both of these incorrect configurations are present the issue occurs.
Remove at least one of the misconfigured items.
An RFC was filed with the product group. This is not a bug since it requires multiple configuration issues in the environment.