OWA 2007 password expiration notification not displayed

  • Question

  • Hi,

    we have the following setup:
    (1) Exchange 2007 on Windows 2003 as Client Access Server 
    (2) Exchange 2007 on Server 2008 as Mailboxserver

    Users connecting to (1) via OWA don't get the "yellow bar" telling them that their password is going to expire.

    I cannot find a solution or cause to this - don't get me wrong:
    - Changing password via OWA works fine for users
    - Internal Windows Users are notified via local Windows XP Clients that their password is about to expire
    - I already learned that users cannot change their password via OWA once the password is already expired or set to "required to change at next login", unless fiddling with IISPWDADM or setting up ISA-Server - this is not nice, but at least acceptable.

    However the notification in OWA is missing! So users don't know that they *must* change their passwords, resulting in expired password, locking users out of OWA!

    Both Exchange machines have SP1 Rollup 5 installed - German language (if that matters)

    A few months ago we were running Exchange 2007 CAS against an Exchange 2003 Mailboxserver - resulting in the OWA 2003 user experience - all worked fine!
    However it seems that since all users were moved over to the Exchange 2007 mailbox server and Exchange 2003 was removed from the site, the notification doesn't work (anymore).
    I cannot say if the OWA 2007 notification ever worked before.

    I found the KB article http://support.microsoft.com/kb/937011/en-us about pwdLastSet - but since it's for Exchange 2003 I'm unsure if that could be a solution. However I've checked that pwdLastSet *is* a member of the partial set and that the pwdLastSet attribute *is* replicated to the GC (step 4) - so all should be fine!?

    Please help!
    Wednesday, December 17, 2008 10:33 AM

Answers

  • Hi,

    Please confirm whether users can change their password successfully via the Options function in OWA.

    If so, I suppose that the OWA virtual directory may be corrupted, or the change password
    flag is set to disable the change password notification. Please follow the steps below to try to reset them:

    1. Recreate the OWA virtual directory.
    a) Log on to the CAS server and open the Exchange Management Shell.
    b) You can refer to the article below to run the following commands:

    Remove-OwaVirtualDirectory "owa (default web site)"
    New-OwaVirtualDirectory -Name "owa" -OwaVersion Exchange2007 -WebSiteName "Default Web Site"

    Reset OWA related Virtual Directory

    http://support.microsoft.com/kb/941201/en-us

    2. Please run Set-OwaVirtualDirectory to enable ChangePasswordEnabled. Run Set-CASMailbox to enable OWAChangePasswordEnabled.

    3. Set the change password flag on the CAS server:
    a) Open a command window and change to C:\Inetpub\AdminScripts
    b) Run the following command:

    cscript adsutil.vbs set w3svc\PasswordChangeFlags 0

    If all the steps above do not help, then please try to re-install the CAS role.

    Note: Before that, please back up the settings on the CAS, such as internal URL and external URL, etc.

    Hope it helps.

    Xiu

    • Proposed as answer by Xiu Zhang Tuesday, December 30, 2008 9:26 AM
    • Marked as answer by Xiu Zhang Monday, January 5, 2009 5:03 AM
    Friday, December 19, 2008 7:23 AM
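
A read-only check of the settings named in steps 2 and 3 of the answer above, useful before recreating the virtual directory. This is an added example, not part of the original answer: the flag names come from the IIS 6 metabase reference rather than from this thread, and the adsutil.vbs output format the script parses is an assumption.

```powershell
# Added example: inspects the settings from steps 2 and 3 without changing anything.
# Run in the Exchange Management Shell on the CAS server.

# Bit meanings of the IIS metabase property PasswordChangeFlags.
$flagBits = @{
    1 = 'AuthChangeUnsecure: password change allowed without SSL'
    2 = 'AuthChangeDisable: password change disabled'
    4 = 'AuthAdvNotifyDisable: advance expiry notification disabled'
}

function Get-PasswordChangeFlagNames([int]$Value) {
    if ($Value -eq 0) { return 'no bits set: change requires SSL, notification not disabled' }
    $flagBits.Keys | Sort-Object | Where-Object { $Value -band $_ } |
        ForEach-Object { $flagBits[$_] }
}

function Get-MetabaseInt([string]$Path) {
    # Assumed output shape of adsutil.vbs: "PasswordChangeFlags : (INTEGER) 6"
    $out = cscript //nologo C:\Inetpub\AdminScripts\adsutil.vbs get $Path
    $m = [regex]::Match(($out -join ' '), '\(INTEGER\)\s+(\d+)')
    if ($m.Success) { [int]$m.Groups[1].Value } else { $null }
}

# Step 2: Exchange-side switches.
Get-OwaVirtualDirectory | Format-List Name, Server, ChangePasswordEnabled

# Only mailboxes where the switch is explicitly off are listed;
# an empty (null) value is not reported.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.OWAChangePasswordEnabled -eq $false } |
    Format-Table Name, OWAChangePasswordEnabled

# Step 3: IIS-side flags, decoded bit by bit.
$flags = Get-MetabaseInt 'w3svc/PasswordChangeFlags'
if ($flags -eq $null) {
    'PasswordChangeFlags: value could not be read'
} else {
    "PasswordChangeFlags = $flags"
    Get-PasswordChangeFlagNames $flags
}
```

A value of 6 decodes to bits 2 and 4 together, so both password change and advance notification are switched off at the IIS level.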

All replies

  • Hi,

    Yes changing password via OWA Options does work!

    I will try to recreate OWA virtual directory (your suggestion 1) on next maintenance ...

    Regarding your other suggestions:

    ChangePasswordEnabled is TRUE on Get-OwaVirtualDirectory - and OWAChangePasswordEnabled is null on Get-CASMailbox, which seems to be the same as TRUE! So both settings should be quite okay!?

    The IIS PasswordChangeFlags was indeed 6 (not 0), blocking password changes - however setting it to 0 and restarting IIS did not solve the problem!

    I also tried to set:

    adsutil.vbs set w3svc/1/PasswordExpirePreNotifyDays 14   

    But that also did not change anything!


    Maybe on next maintenance, I can reinstall the CAS role!

    Kind Regards, Martin.

    Friday, December 19, 2008 9:00 AM
  • Hi,

    How is the issue now?

    Xiu
    Thursday, December 25, 2008 3:12 AM