Your question has been submitted and is awaiting moderation.
This issue is on an upgraded 7.1.1 installation.
In web.config, the password format is set to Hashed and PasswordRetrieval=false
When a user clicks the Reset Password button, an email is sent to the user with a link, but the 'passwordResetToken' is always 00000000-0000-0000-0000-000000000000
From looking at the code it looks like this is supposed to be a GUID.
I can see in the DB table Users, the field is set to 00000000-0000-0000-0000-000000000000 and the PasswordResetExpiration is null.
What is going on here? The function seems to work fine on a new 7.1.1 installation. What am I missing?