Hi you all.
The last 2 days I have been spending my time sorting this problem out.
I followed lots of KBs and other resources but none of them resulted in a solution for me.
I have 2 Windows 2003 mail servers with SP2 and Exchange 2003 on them.
It's a front-end/back-end configuration, with OWA enabled on the front-end.
We also configured SSL and FBA.
Users are able to change the password through OWA without any problems.
But when you are forced to change the password by AD, you will get a 403 Forbidden error right after you enter the new password and hit Enter.
So you can log in fine, you get the "you have to change your password" screen and you are able to put in new credentials. Right after that it all goes wrong and a 403 Forbidden page pops up.
I followed http://technet.microsoft.com/en-us/library/bb684904.aspx
Also, using domainname\username in the user field doesn't change anything,
and I am sure these settings are correct:
- "Active Server Pages" under the web service extensions is Allowed
- Set the ChangepasswordFlags to 0
- Enable SSL on IISADMPWD virtual directory
Users report this from inside and outside the LAN.
I really don't know what to do anymore.
I know it must have something to do with the way users authenticate in IIS but I just can't get it to work!
1. The issue only happens when you force the password change in ADUC, right? The change works when the password has expired, or when users manually change the password in OWA?
2. Has the force password change ever worked before?
3. Is there any error event in the application log on the exchange server when the issue occurred?
1. Please disable password changing and expiration notification
cscript.exe adsutil.vbs set w3svc/passwordchangeflags 6
2. Where do you set the passwordchangeflags to 0? If the value above doesn't work either, you may also need to enter the following:
cscript adsutil.vbs set w3svc/<identifier>/PasswordChangeFlags 0
3. You will also want to configure the IISADMPWD virtual directory to run in ExchangeApplicationPool
4. Please enable the IIS log and reproduce the issue, see if there’s any relevant error info
5. Please see the “Troubleshooting” section in KB 297121
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
Excuse me, I have been away unexpectedly for a while.
1. Yes, that's true.
3. No, no error event is logged in the event viewer.
1. Done, doesn't do anything (this is set on the front-end server).
2. Done, doesn't change anything.
3. This was already the case.
4. Log already enabled, no info.
Both links already tried.
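
Step 4 of the support reply asks for the IIS log. As an added example that is not part of the thread, this Python script pulls the 403 responses for the /iisadmpwd pages out of a W3C extended log and labels the sub-status, which is what separates an SSL or access-permission 403 from an application-pool one. The sample log lines are constructed (they are not the poster's log), and the sub-status table covers only a few well-known IIS 6 values.

```python
# Added example (not from the thread): find 403s for the password-change pages
# in an IIS W3C extended log. SAMPLE_LOG below is constructed for illustration.

# A few well-known IIS 6 sub-status codes for HTTP 403 (not a complete list).
SUBSTATUS_403 = {
    "1": "execute access forbidden",
    "2": "read access forbidden",
    "4": "SSL required",
    "5": "SSL 128 required",
    "6": "IP address rejected",
    "18": "request cannot be executed from the current application pool",
}

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username sc-status sc-substatus sc-win32-status
2009-03-02 09:14:01 POST /exchweb/bin/auth/owaauth.dll - 302 0 0
2009-03-02 09:14:02 GET /iisadmpwd/aexp2b.asp - 200 0 0
2009-03-02 09:14:20 POST /iisadmpwd/achg.asp - 403 18 0
2009-03-02 09:15:07 GET /exchange/ EXAMPLE\\jdoe 200 0 0
"""


def find_403s(log_text, prefix="/iisadmpwd"):
    """Return (date, time, uri, status, meaning) for each 403 under prefix."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # IIS rewrites this header on restart; columns can change mid-file.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "")
        if row.get("sc-status") != "403" or not uri.lower().startswith(prefix):
            continue
        sub = row.get("sc-substatus")  # None when the column is not logged
        if sub is None:
            meaning = "sc-substatus not logged; enable it in the log properties"
        else:
            meaning = SUBSTATUS_403.get(sub, "not in this table")
        hits.append((row.get("date"), row.get("time"), uri,
                     "403." + (sub if sub is not None else "?"), meaning))
    return hits


if __name__ == "__main__":
    for hit in find_403s(SAMPLE_LOG):
        print(*hit)
```

A 403.18 on the password-change page would point at the application pool setting in step 3, while a 403.4 would point at the SSL requirement on the virtual directory.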