HTTP Error 403 - Forbidden: Access is denied for OWA users whose password has expired

  • HTTP Error 403 - Forbidden: Access is denied for OWA users whose password has expired

    Good afternoon

    I was trying to use my IIS to implement the OWA change password feature as described in the Microsoft articles KB297121 and KB833734.

    The result:
    I can change the password as long as it hasn't expired yet. The user will log on to his OWA, go to Options and change the password successfully. This is working for both internal and external OWA users. However, for those whose passwords have already expired, or for new ones for whom I have checked Users Must Change Password on Next Logon, the password change does not succeed. I just get the "HTTP Error 403 - forbidden: Access is denied".

    I have searched the web and have seen a few blogs and forums that have discussed this shallowly, but I have not succeeded yet.
    I have even tried to use "Basic Authentication" only on the IISADMPWD virtual directory, and enabled the Read and Run script permissions for the same, but I still get the 403 error.

    My domain is setup as below:
    I have a Windows 2003 domain with all servers running Windows Server 2003 Service Pack 1. I have ISA 2004 with Service Pack 2 and have done all the OWA publishing rules required for my OWA clients. I have been using OWA and RPC over HTTP for the last 1 year and they are still working fine.

    The only problem has been that users can't change their passwords unless they log on to the VPN. Now, using the KB articles I mentioned above, users can also change their passwords before they expire.

    All I need now is for users whose passwords have expired before changing, or new users, to also be able to use this IIS feature to change the password.

    Has anyone succeeded in this? And what is the configuration I need to do?

    Thank you.

  • #2
    Re: HTTP Error 403 - Forbidden: Access is denied for OWA users whose password has expired

    Hi pking,

    One question: Do you have SSL certificate issues for your Exchange server?
    When you click on change password, it will redirect to a https://mailserver.com/iispwdadm/????.... link.
    If you don't have an SSL issued for your mailserver.com, then this link won't work and users are not able to change their password.

    I am facing the same problem. I am trying to generate a certificate for the server without using a CA authority like geotrust.com. Still not succeeded.

    Please reply whether this is the problem or not. For more details, please refer to my other post.

    Regards,
    hacktheworld_2k

    • #3
      Re: HTTP Error 403 - Forbidden: Access is denied for OWA users whose password has expired

      Hey pking,

      If you have a problem due to the SSL certificate, refer to the following links:

      Creating own SSL certificate to work with OWA.
      http://www.msexchange.org/tutorials/..._OWA_2003.html

      Using Free 3rd party SSL certificate to work with OWA.
      http://www.msexchange.org/tutorials/...rtificate.html



      Regards,
      hacktheworld_2k

      • #4
        Re: HTTP Error 403 - Forbidden: Access is denied for OWA users whose password has expired

        Thanks for your reply.

        Yes, I am using SSL, and the certificate issuer (CA server) is actually my mail server. Users have always used https://mailserverpublishedname.co.ke/exchange to access their emails. I used the inbuilt Server 2003 utility for the certificate generation. Now that I have published the IISADMPWD virtual directory, the change password request actually redirects users and they are able to change their password.

        However, when the password has already expired, when the OWA user attempts to login, they just get the HTTP 403 error instead of being redirected to the change password page.

        • #5
          Re: HTTP Error 403 - Forbidden: Access is denied for OWA users

          Enable Anonymous access on your iisadmpwd, as expired a/c won't be able to access any other authentication, so enable anonymous along with your other authentication.

          This would solve your problem.
