Console/Client Codes

  • -1 General error
  • -2 Wrong version
  • -3 Operation cancelled
  • -4 Operation timeout
  • -5 Unknown archive version
  • -6 Invalid SID
  • -7 Service unavailable
  • -8 SMTP communication failed
  • -9 User blocked
  • -10 No profile
  • -11 Incorrect answer(s)
  • -12 License invalid (See "Adding a license key in SSRPM" or "Deleting a license key in SSRPM")
  • -13 Module not licensed
  • -14 Domain not licensed
  • -15 Server not specified
  • -16 Service unreachable
  • -17 Incorrect type
  • -18 Incorrect size
  • -19 Pointer is NULL
  • -20 Error cracking name
  • -21 OU excluded
  • -22 Incorrect answer index
  • -23 Immediate checking not allowed
  • -24 Unknown question
  • -25 Already exists
  • -26 Password reset has been disabled
  • -27 Unlock account has been disabled
  • -28 No question specified
  • -29 Connection blocked
Persistent -29 error

In some environments it is necessary to create an additional local user on the machine running the SSRPM service. This local user needs to have the same user name and password as the local user on the DMZ (IIS) and the domain user. Before trying this we recommend double checking the configuration described above and verifying that all required the ports are open. (https://www.tools4ever.com/resources/pdf/self-service-reset-password-management/ssrpm_web_interface_guide.pdf)  
Also make sure .Net 4.8 and all pending Windows Updates have been applied to the Web Server.
Check for the following GPO Policies to make sure they are not restricting RPC Communication:  

System/Remote Procedure Call

     Restrict Unauthenticated RPC clients Enabled

                 RPC Runtime Unauthenticated Client Restriction to Apply: None


  • -30 User does not have enough rights
  • -31 User access has been denied
  • -32 Admin access has been denied
  • -33 License code is corrupt
  • -34 The user has reset their password too many times in accordance with the SSRPM profile policy. (Look at Reset options in profile options)
  • -35 The license key is no longer supported
  • -36 The specified phone number is invalid
  • -37 The specified email address is invalid
  • -38 The advanced authentication (SMS or email) method has been disabled
  • -39 Unknown advanced authentication method
  • -40 Incorrect PIN code provided
  • -41 SMS bundle is invalid
  • -42 Invalid response received from SMS gateway
  • -43 Error sending SMS
  • -44 Incorrect encryption method used for Helpdesk Caller ID verification. Using this functionality requires the user's answers to be encrypted with the reversible encryption option enabled
  • -45 Helpdesk Caller ID verification is disabled
  • -46 Invalid account name
  • -47 Uninitialized data
  • -49 Offline logon not allowed
  • -53 Unable to authenticate user. This error means that there is no available means to reset the user's password i.e. no questions/answes, no e-mail address and no mobile phone number. If the advanced authentication sequence is enabled it usually means that the user is unable to collect sufficient credits due to a bad configuration.
  • -71 SMS not sent.  This is caused by SSRPM refusing to send an SMS to a user because they have gone over their daily quota as configured on the SMS tab in the Service Configuration.

Web Portal/Active Directory Errors

  • -60 Either the SSRPM license is missing the AD Self-Service module, or the module is disabled in the SSRPM profile.
  • -100 COM Communications Error
    • Missing or wrong version of COM object.  Make sure there is no old SSRPM COM DLL in the Windows\System32 folder, then re-register the COM DLL's.
    • Onboarding JSON Payload invalid
  • 87 Enrollment Error - Typically caused by using an older version of the website against a newer version of the SSRPM service.
  • 1168 User not in database or profile not assigned to user
  • 1265 Password cannot be changed, caused by Windows Updates:  KB3167679 & KB3177108.  Fix is to remove these and reboot the server hosting the SSRPM site and the SSRPM server.  This impacts previous  version of SSRPM (v6.73)
  • 1326 Unable to log in due to replication issues or bad password
  • 1329 AD "Log on To" setting on the Account tab restricts certain computers
  • 1331 Account disabled
  • 1332 AD User not found (Onboarding) 
  • 1460 SSL error while attempting to email report
  • 1715 Cannot communicate with SSRPM service (check config.asp)
  • 1793 AD account is expired
  • 1907 User not allowed to change password
  • 1909 Account locked out
  • 2245 Error when user tries to change password.  This error is caused if there is a Password Age requirement set in the GPO, and the user trying to change their password does not meet the requirement.
  • 0x8007052e, 0x8007202f - These errors are known to occur if the GPO Policy is preventing the password change, such as a Minimum Password Age > 0.
  • 0x80040154 - (Error creating CLSID_PCMCOM 1.1 interface. Class not registered.) - This is caused by setting the 'Show PW Complexity Rules' to PCM when PCM is not in the environment.