locked
Exchange ActiveSync user password change delay RRS feed

  • Question

  • Hi all, we are using Exchange 2007 for our email solution. Exchange sits on one server running the Hub Transport role, we use a second separate server to run the CAS role (so we can use OWA and have email on our mobile devices - ActiveSync). We also use this server for our Blackberry’s (BES).

    If I change a user’s domain password on our Active Directory Domain Controller, obviously that new password applies for their Exchange mailbox. However, users can still send and receive email on their mobile device, it hasn't prompted them to use a difference password, and they haven't manually updated the password on the phones mail settings.

    It seems like the new password doesn't get pushed up to the OWA server, and / or out to the phones. Meaning if someone loses their phone and asks for a password change as a security check it doesn't stop mailbox access.

    I've run an IISRESET on our OWA server, the test phone we are using then popped up an Authorisation failure, but this could be either coincidence that the IIS service was down when the phone tried to connect, or that the phone couldn't authorise because the password was wrong. Note the password was changed about 6 days ago, so it isn't like I'm waiting for a 15 min time frame to expire as the token was passed.

    Appreciate any help.


    Wednesday, November 9, 2011 3:07 PM

Answers

All replies

  • Meaning if someone loses their phone and asks for a password change as a security check it doesn't stop mailbox access.

    Hi Harry,

    Usually, if someone loses his phone, he can remote wipe his device.

    Managing your Active Sync Device from Outlook Web Access in Exchange 2007 SP1

    http://blogs.technet.com/b/exchange/archive/2007/05/30/3402915.aspx

    About password issue, please set the value to 1 as following KB said.

    Changing the Default Interval for User Tokens in IIS

    http://support.microsoft.com/kb/152526

    Frank Wang

    • Marked as answer by emma.yoyo Wednesday, November 16, 2011 1:39 AM
    Friday, November 11, 2011 7:32 AM
  • Hi Harry,

    Any updates?

    Frank Wang

    Monday, November 14, 2011 2:13 AM
  • Hi Frank / MS supports,

    Sorry for interrupting, but I just noticed that our company also have this issue.  We use Exchange 2010, and we found that if the domain users changed their password from their office workstations, their mobile devices can still access the email services.

    I had  added the registry key, and then restart the IIS Admin Services, but this doesn't seem to resolve it.  do you mind to continue this thread for further analysis?  thank you kindly.

    Monday, November 26, 2012 9:28 AM