When running Web Agent, if a user gives the wrong login password when trying to change its password through a Custom Password Services Page, then the browser comes back to the Login Page and not on the Custom Change Password Page.

The browser sends a valid SMSESSION cookie.

PWS.fcc is in use to submit the new password:

@User=%User%
@username=%urldecode(User)%
@smretries=0

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
</BODY>
</HTML>

PWS.fcc is an old deprecated part of the password services which was originally used by the deprecated smpwservicescgi (1).

The DisallowForceLogin Registry Key that is related to the above behavior (2).

Note that out of the box smpwservices.fcc is the default password service, and DisallowForceLogin will only give a precise message to the smpwservices.fcc.

By default, if the old password is wrong, the browser will be redirected to smpwservices.fcc even without DisallowForceLogin configured.

Set the DisallowForceLogin to 1 in the Policy Server to solve this issue.

1. smpwservicescgi.exe cannot be found in Web Agent
   
   
2. Incorrect Password Message Does Not Appear