locked
exchange 2016 expired password user unable to reset password to login to OWA RRS feed

  • Question

  • I have been trying to find information on this issue for a few weeks to no avail... everything was working when we were on Exchange 2010 but since we upgraded to 2016 this one feature is not working.

    I have 2 exchange servers in DAG.

    Both are being used as a load balance for the internet facing machine... in the previous server it was called the CAS server.

    The issue we are having is when a user is in the following classifications:
         - New User
         - AD Policies have determined the passwords have expired
         - IT Staff resets the user's password

    Those classifications are requiring the AD Attribute for the user to be enabled "User must change password at Login".

    When this is the case the end user has no means of changing their password via OWA.
    OWA Identifies the user needs a password change, and loads the page https://webmail.villagecommunities.com/owa/auth/expiredpassword.aspx

    This allows the user to enter their correct AD Login Credentials, OLD Password, and the New password they are wanting to change it to.

    This however is where everything ends... and yes all the information is entered correctly via UPN and SAM accounts even for those with differing email addresses. This page just keeps looping with the error:
          - The user name or password you entered isn't correct. Try entering it again.

    Each time the information is entered. Stopping the end user from being able to change their password.

    Is there any logs somewhere to aid in troubleshooting this problem, or does someone know a resolution....

    Bonus Question: is there a way to add 2 factor authentication to the OWA login? how?

    Thursday, January 26, 2017 3:56 AM

All replies

  • Hi,

    You may want to check AD logs, as this is changing the AD user password resets.

    In regards to the 2 factor authentication, there are 3rd party integration's which can assist.

    https://duo.com/docs/owa

    The above link is one of the integration which can assist.

    Regards,

    • Proposed as answer by Steve Fan Friday, February 3, 2017 8:31 AM
    Thursday, January 26, 2017 5:08 AM
  • Hello Mike,

    Welcome to the Microsoft Office for IT Professionals Outlook forum.

    Since this forum is for general questions and feedback related to Microsoft Outlook desktop client and your question is more related to Exchange server, I'd recommend you post a new question to forum dedicated to Exchange 2016 to get further assistance:

    https://social.technet.microsoft.com/Forums/office/en-US/home?forum=Exch2016GD

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Regards,

    Steve Fan


    Please remember to mark the replies as answers if they helped.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 27, 2017 3:20 PM
  • Thanks for the update everyone.

    I have learned in my research that OWA does a password reset against the SAM account and not the UPN account. If we use the UPN account aka (accountloginname@domain.com) it does not find the user account. However by using the SAM account (domain\accountloginname) it does work.

    So now the question is for Microsoft how can we get the UPN account to work on resetting users passwords?

    Tuesday, February 14, 2017 4:01 AM