We have an issue where our AD driver (IDM 3.6.1, latest patch revision)
is talking to a 2008R2 Domain Controller via a Remote Loader.

Most of the time a password reset is fine but some users seem to get a
generateKeyPair -16008 UNKNOWN ERROR error as per the below trace from
the Remote Loader and Windows Event Logs. Traces of the actual event are
useless as this occurs after an event is successful and comes back from AD.

I'm guessing its a password policy error, but I cant find any info at
all on the generateKeyPair -16008 UNKNOWN ERROR and what it means.

Does anyone know what the error means or how I can find out what the
error means exactly?

Driver: \IDTREE\XXX\resources\IDM\XXXDriverSet\Active Directory-AD-XXX
Thread: Publisher Channel
Object:
Message: Code(-9010) An exception occurred: novell.jclient.JCException:
generateKeyPair -16008 UNKNOWN ERROR<operation-data>
<password-publish-status>
<association>a3473a0efa280544aeef9f5103b60610</association>
</password-publish-status>
</operation-data>
<application>DirXML</application>
<module>Active Directory-AD-XXX</module>
<object-dn>CN=xxx,OU=Users,OU=xxx,OU=xxx,OU=xxx,DC=xx,DC=x x,DC=XXX
(XXX\Users\Workforce\xxxxxxx)</object-dn>
<component>Publisher</component>