When a user attempts to reset their password via the Advanced Logon GINA (via the "SOS" button) they may see the following errors:
"Operation failed because the reset password server is unreachable."
"Authentication Error: The new password is refused by your security directory because it does not respect the password policy"
If the users are able to reset their passwords via the Web interface, but not the "SOS" button, then this is usually a configuration issue on the "Emergency Access" tab of the access point security profile.
This problem is usually related to the URL that is entered in the "Reset password servers" of the "Emergency Access" tab of the access point security profile.
An example of such a misconfiguration is to enter the entire URL and not just the server name: