Password Services :: Wrong Password Management


Article ID: 50011


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Description:

I have configured Password Services, and it seems that when a user enters the wrong current password during the password change process, the user is redirected with smauthreason 20 instead of 22. The user does not get the message that the current password is incorrect.

How can I fix it?

Solution:

To get the right messages, add or modify this registry setting on the Policy Server:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer\DisallowForceLogin = 0x1 (REG_DWORD)

Then stop and start the Policy Server.

Now during the Password Change process:

  1. If the user enters a wrong current password, the smauthreason will be 22 and the message will say wrong current password;

  2. If the user uses the correct current password but the new password doesn't respect the Password Policies, the smauthreason will always be 22 and the message will say bad new password.
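
The registry change described in the Solution above can be applied idempotently with a script like the following. This is an added example, not code from the vendor or the original article; it assumes an elevated PowerShell session on a Windows Policy Server host and uses only the key path, value name and data given above.

```powershell
# Added example: apply the DisallowForceLogin setting from this article
# only if it is missing, has the wrong data, or has the wrong type.
$keyPath   = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer'
$valueName = 'DisallowForceLogin'
$wanted    = 1   # 0x1, REG_DWORD, as given in the article

if (-not (Test-Path -Path $keyPath)) {
    throw "Key not found: $keyPath (is this the Policy Server host?)"
}

# Read the current state so the change can be reported and audited.
$key     = Get-Item -Path $keyPath
$present = $key.GetValueNames() -contains $valueName
$current = if ($present) { $key.GetValue($valueName) } else { $null }
$kind    = if ($present) { $key.GetValueKind($valueName) } else { $null }

$isDword = $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord
if ($present -and $isDword -and $current -eq $wanted) {
    Write-Output "$valueName is already 0x1 (REG_DWORD); no change made."
}
else {
    # -Force overwrites an existing value, including one stored with the wrong type.
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value $wanted -Force | Out-Null

    # Re-read from the registry instead of trusting the write.
    $check    = Get-Item -Path $keyPath
    $previous = if ($present) { "$current ($kind)" } else { 'not set' }
    Write-Output ("{0} set to 0x{1:X} ({2}); previous value: {3}" -f `
        $valueName, $check.GetValue($valueName), $check.GetValueKind($valueName), $previous)
    Write-Output 'Stop and start the Policy Server for the change to take effect.'
}
```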

Environment

Release:
Component: SMSDK