Summary of Problem:
I am working on a site that has been successfully migrated from 3.7 to 7.0.
I changed security settings for BOTH Default and OpenAccessMembership37Provider Providers such that Passwords could be reset. I changed them to be identical. Ensuring all items are saved, I then log out of the back end and restart the application pool in IIS. Upon logging back in, I can reset passwords for users under the Default provider, but NOT OpenAccessMembership37Provider!
When I go back to double check security settings, the default are fine BUT the OpenAccessMembership37Provider Parameters are ALL reset back to default. Meaning that 'enablepasswordReset' is set to false, and 'recoverMailAddress' value is empty.
Tried numerous times, and confirmed this happens with random other OpenAccessMembership37Provider parameters as well (such as requireUniqueEmail).