Your question has been submitted and is awaiting moderation.
Thank you for reporting this content, moderators have been notified of your submission.
This issue is on an upgraded 7.1.1 installation.
In web.config, the password format is set to Hashed and PasswordRetrieval=false
When a user clicks the Reset Password button, an email is sent to the user with a link, but the 'passwordResetToken' is always 00000000-0000-0000-0000-000000000000
From looking at the code it looks like this is supposed to be a GUID.
I can see in the DB table Users, the field is set to 00000000-0000-0000-0000-000000000000 and the PasswordResetExpiration is null.
What is going on here? The function seems to work fine on a new 7.1.1 installation. What am I missing?