"Users must change password.." OWA users cannot change pswd from "inside" firewall

  • "Users must change password.." OWA users cannot change pswd from "inside" firewall

    Hello All,

    I am facing a weird problem: I just enabled the "Password Change" functionality in OWA on our Exchange 2003 server (more details below). Almost everything is working fine; I followed articles KB297121, KB833734 and http://www.petri.com/enable_password...hange_2003.htm. Users can now change their domain passwords by logging in to OWA, then using the Options > Password Change button.

    However, when users whose AD accounts are set with the "Users must change password at next logon" option try logging in to OWA, they cannot log in or even get to the password change page from "inside" the firewall. The OWA login window just sits there and, after 3 login attempts, opens a webpage with an "Error: Access is Denied" message (nothing else, no error code). This surprisingly works perfectly fine from anywhere outside the firewall; users are automatically redirected to the password change page with the text "Your password has expired. You can change it now." and with the fields: Account, Old password, New password and Confirm new password.

    The server is a single Windows 2003 Ent SP2/Exchange 2003 Ent SP2 box (had been upgraded a year ago from Win 2000/Exch 2000). OWA is using SSL of course; FBA is not used.
    General settings on the IISADMPWD virtual directory are as follows:
    1. Anonymous Authentication is disabled; Basic Authentication only is enabled.
    2. The Application Pool is "ExchangeApplicationPool"
    3. There was no "davex.dll" file in my environment to begin with

    All other settings, such as the registry setting, IIS Metabase settings, etc. are all set correctly.

    This is baffling me.. if it works from outside the firewall, why doesn't it work from inside..!!? Does some component of OWA work differently depending on which side of the firewall you are on?! By the way, the firewall has only ports 88 and 443 open for the Exchange server IP (yes, that's 88, NOT 80; I don't know what 88 is actually being used for, this was set by the previous guy). I even tried turning OFF the Windows firewall on my computer for a minute, but still couldn't get the password change page for the test account I am using set with "User must change password...".

    Any help/suggestions are greatly appreciated..!
    Thanks a LOT in advance..!

  • #2
    Re: "Users must change password.." OWA users cannot change pswd from "inside" firewal

    I am also having similar issues. Has there been an update on this?



    • #3
      Re: "Users must change password.." OWA users cannot change pswd from "inside" firewal

      The only difference I can think of here between users inside the firewall and outside the firewall would be this: inside the firewall they also have Windows Integrated Authentication, whereas outside they will be authenticated based on what is specified on the virtual directory.

      Maybe this will give you some clues.
      Thanks & Regards
      v-2nas

      MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
      Sr. Wintel Eng. (Investment Bank)
      Independent IT Consultant and Architect
      Blog: http://www.exchadtech.blogspot.com

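One way to check the hypothesis in post #3, as an added example that is not part of the original thread: list the authentication schemes each virtual directory advertises in its 401 challenge. If a path offers Negotiate or NTLM next to Basic, a domain-joined browser on the LAN may answer with integrated credentials instead of showing the Basic prompt that outside users get. The header captures, the host name and the `/exchange` path are constructed sample data and assumptions, not values from the poster's server.

```python
import re

INTEGRATED = {"negotiate", "ntlm"}  # schemes a domain-joined client can answer silently

# Constructed sample captures: response headers of an unauthenticated request per path.
SAMPLE_CAPTURES = {
    "/exchange": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "Server: Microsoft-IIS/6.0\r\n"
        "WWW-Authenticate: Negotiate\r\n"
        "WWW-Authenticate: NTLM\r\n"
        'WWW-Authenticate: Basic realm="mail.example.test"\r\n\r\n'
    ),
    "/iisadmpwd": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="mail.example.test"\r\n\r\n'
    ),
}

def offered_schemes(raw_headers: str) -> list[str]:
    """Return the auth schemes named in WWW-Authenticate headers, in order."""
    schemes = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "www-authenticate":
            continue
        # Blank out quoted strings so a comma inside a realm does not split a challenge.
        value = re.sub(r'"[^"]*"', '""', value)
        for part in value.split(","):
            words = part.split()
            # A challenge starts with a bare scheme token; "key=value" is a parameter.
            if words and "=" not in words[0]:
                schemes.append(words[0].lower())
    return schemes

def audit(captures: dict[str, str]) -> dict[str, dict]:
    """Summarise, per path, which schemes are offered and whether any is integrated."""
    report = {}
    for path, raw in captures.items():
        schemes = offered_schemes(raw)
        report[path] = {"schemes": schemes,
                        "integrated": any(s in INTEGRATED for s in schemes),
                        "basic": "basic" in schemes}
    return report

if __name__ == "__main__":
    for path, info in audit(SAMPLE_CAPTURES).items():
        print(path, info)
```

Feed it headers captured once from a client inside and once from a client outside the firewall; a difference between the two reports, or an integrated scheme on the OWA path, is the lead to follow.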


      • #4
        Re: "Users must change password.." OWA users cannot change pswd from "inside" firewal

        I never got the "User must change password" option to work, but internal users could change their password by going to the Options page in OWA. I am in the middle of migrating that server to different hardware; I will get back here if I get this to work on the new server.

        Thanks guys..
        VS.



        • #5
          Re: "Users must change password.." OWA users cannot change pswd from "inside" firewal

          Originally posted by svinay23
          This is baffling me.. if it works from outside the firewall, why doesn't it work from inside..!!? Does some component of OWA work differently depending on which side of the firewall you are on?! By the way, the firewall has only ports 88 and 443 open for the Exchange server IP (yes, that's 88, NOT 80; I don't know what 88 is actually being used for, this was set by the previous guy). I even tried turning OFF the Windows firewall on my computer for a minute, but still couldn't get the password change page for the test account I am using set with "User must change password...".

          Any help/suggestions are greatly appreciated..!
          Thanks a LOT in advance..!

          Maybe your firewall is the problem?

          I don't know which firewall you're on. But on, e.g., a Sonicwall, you have to choose "from * - to LAN" instead of "from WAN - to LAN" in the NAT/access rules to make OWA work from the LAN (with the external hostname). I think the "feature" is called NAT loopback; maybe there is something in your firewall documentation.
          Best regards,
          Carsten.
