Password Change no longer working from externally after Windows Updates

  • Question

  • Hi,

    in ADFS I enabled the password change feature. This was working fine for any device since KB3035025, both from the LAN and from external through the Web Application Proxy. But since the last Windows Updates (the updates from September 13th are not yet installed) on our ADFS servers, this no longer works from externally. As soon as the URL https://<servername>/adfs/portal/updatepassword is opened, the page immediately throws an error message "An error occurred. Contact your administrator." When opening the URL within the LAN it opens just fine and I would be able to change passwords.

    There was no configuration change that I'm aware of except the installation of Windows Updates - but not yet the ones released on September 13th.

    I have another setup where the September 13th updates are also installed where I have the same issue. But on this setup I don't know if this was working before.

    Anyone else seeing issues with this?

    Regards,

    Frank

    Friday, September 23, 2016 7:23 PM

Answers

  • Hi Pierre,

    I checked the other thread and the referenced KB3179574. Under https://support.microsoft.com/en-us/help/24717/windows-8-1-windows-server-2012-r2-update-history I found the following ADFS-related info for the update, which pointed me in the right direction:

    • Addressed issue that allows users to change a password from an external network via Wireless Application Protocol (WAP) when Proxy Enabled is set to No. This happens in an environment that uses Active Directory Federation Services (ADFS) and Web Application proxy (WAP) for authentication.

    I was not aware of a "Proxy Enabled" option in ADFS, so I checked the ADFS settings for the /adfs/portal/updatepassword/ endpoint. And there is an option "Proxy Enabled" and it was indeed set to "No". After setting it to "Yes", the password change is working again from externally.

    Thanks,

    Frank

    Friday, September 23, 2016 9:44 PM
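
The check and fix described in the answer above, done from PowerShell instead of the AD FS management console. This is an added example, not part of the original posts; it assumes an elevated session on the primary AD FS server with the ADFS module available, and the endpoint path is the one named in the thread.

```powershell
# Added example: inspect and correct the "Proxy Enabled" state of the
# password-change endpoint discussed in this thread.
Import-Module ADFS

$path = '/adfs/portal/updatepassword/'   # endpoint path as given in the thread

# Enabled = endpoint is active on the AD FS farm.
# Proxy   = endpoint is published through the Web Application Proxy
#           (shown as "Proxy Enabled" in the management console).
$ep = Get-AdfsEndpoint -AddressPath $path
$ep | Format-List AddressPath, Enabled, Proxy, Protocol

if (-not $ep.Enabled) {
    Write-Warning "$path is disabled; password change is off for internal users as well."
}
elseif (-not $ep.Proxy) {
    # The state found in the thread: works inside the LAN, fails externally.
    Set-AdfsEndpoint -TargetAddressPath $path -Proxy $true

    # Endpoint changes take effect after the AD FS service restarts.
    # Repeat the restart on every node of the farm.
    Restart-Service -Name adfssrv

    Get-AdfsEndpoint -AddressPath $path |
        Format-List AddressPath, Enabled, Proxy
}
else {
    Write-Output "$path is already enabled and proxy-enabled."
}

# Review everything that is reachable from outside through the proxy,
# so that only endpoints you intend to expose have Proxy set to True.
Get-AdfsEndpoint |
    Where-Object { $_.Enabled -and $_.Proxy } |
    Sort-Object AddressPath |
    Format-Table AddressPath, Protocol, Enabled, Proxy -AutoSize
```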

All replies

  • https://social.technet.microsoft.com/Forums/windowsserver/en-US/630ed47d-b645-45cd-adab-a457db58960d/adfs-30-your-password-has-expired-type-your-updated-password-and-try-again?forum=ADFS

    This user claims that an update has broken it... I would be very curious to know if that is a similar case for you. Let us know!


    Friday, September 23, 2016 8:46 PM