Not sure if I'm missing an option somewhere. As configured, password history checking is working when a user attempts to reset their password. However, the error message simply states:
Your password does not comply with configured password policies.
then prompts them to try again. It never actually states anything to the effect of "You can't use an old password" or similar.
Is there a way to indicate that prior to their second attempt?