I have configured Password Services, and it seems that when a user enters the wrong current password during password change process user is redirected with smauthreason 20 instead of 22. User does not get the message that the current password is incorrect.
How can I fix it?
In order to get the right messages, you need to Add/Modify this registry setting in the Policy Server:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer\DisallowForceLogin 0x1; REG_DWORD
And stop/start the Policy Server
Now during the Password Change process: