Exchange 2003 OWA password reset when password is expired fails.


  • Hi you all.
    The last 2 days I have been spending my time sorting this problem out.
    I followed lots of KBs and other resources but none of them resulted in a solution for me.
    I have 2 Windows 2003 mail servers with SP2 and Exchange 2003 on them.
    It's a front-end back-end configuration, with OWA enabled on the front-end.
    We also configured SSL and FBA.
    Users are able to change the password through OWA without any problems.
    But when you are forced to change the password by AD you will get a 403 Forbidden error right after you enter the new password and hit Enter.
    So you can log in fine, you will get the "you have to change your password" screen and you are able to put in new credentials; right after that it all goes wrong and a 403 Forbidden page pops up.
    i followed

    Also, using domainname\username in the user field doesn't change anything,
    and I am sure these settings are correct:
    -"Active Server Pages" under the web service extensions is Allowed
    -Set the ChangepasswordFlags to 0
    -Enable SSL on IISADMPWD virtual directory
    -regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll

    Users report this from inside and outside the LAN.

    I really don't know what to do anymore.
    I know it must have something to do with the way users authenticate in IIS but I just can't get it to work!
    Thursday, November 26, 2009 3:23 PM

All replies

  • Check info:

    1.      The issue only happens when you force the password change in ADUC, right? The change works when the password has expired, or when users manually change the password in OWA?

    2.      Has the force password change ever worked before?

    3.      Is there any error event in the application log on the exchange server when the issue occurred?


    1.      Please disable password changing and expiration notification

    cscript.exe adsutil.vbs set w3svc/passwordchangeflags 6

    2.      Where do you set the passwordchangeflags to 0? If the value above doesn’t work either, you may also need to enter the following

    cscript adsutil.vbs set w3svc/<identifier>/PasswordChangeFlags 0

    3.      You will also want to configure the IISADMPWD virtual directory to run in ExchangeApplicationPool

    4.      Please enable the IIS log and reproduce the issue, see if there’s any relevant error info

    5.      Please see the “Troubleshooting” section in KB 297121

    "HTTP Error 403" Error Message When Password Changed with OWA or Iisadmpwd

    The PasswordChangeFlags metabase property may be set to 6 in IIS 6

    James Luo
    TechNet Subscriber Support (
    If you have any feedback on our support, please contact
    • Marked as answer by Alan.Gim Tuesday, December 08, 2009 3:58 AM
    • Unmarked as answer by Alan.Gim Tuesday, December 15, 2009 9:26 AM
    Friday, November 27, 2009 6:33 AM
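
Added example, not part of the original thread: step 4 of the reply above asks for the IIS log, and in an IIS 6 W3C extended log the `sc-substatus` column narrows a 403 to a cause such as 403.4 (SSL required) or 403.18 (wrong application pool, the setting step 3 deals with). The function name `find_403s` and the sample log, including its users, addresses and page names, are constructed for illustration.

```python
# Added example: list 403 responses for /iisadmpwd in an IIS 6 W3C extended log.
SUBSTATUS_403 = {
    "1": "execute access forbidden",
    "4": "SSL required",
    "18": "cannot execute requested URL in the current application pool",
}

# Constructed sample log (not from the thread); user, address and paths are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2009-11-26 14:20:01 GET /exchange/ EXAMPLE\\jdoe 10.0.0.15 200 0 0
2009-11-26 14:20:31 POST /IISADMPWD/aexp3.asp - 10.0.0.15 403 18 0
#Fields: date time cs-uri-stem sc-status sc-substatus
2009-11-26 15:02:44 /iisadmpwd/achg.asp 403 4
2009-11-26 15:02:50 /exchange/ 403 4
"""


def find_403s(log_text, prefix="/iisadmpwd"):
    """Return 403 hits under `prefix`, honouring every #Fields directive."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):     # skip truncated or malformed rows
            continue
        row = dict(zip(fields, values))
        uri = row.get("cs-uri-stem", "")
        if row.get("sc-status") != "403" or not uri.lower().startswith(prefix):
            continue
        sub = row.get("sc-substatus", "?")  # absent if the column is not logged
        hits.append({
            "when": f"{row.get('date', '?')} {row.get('time', '?')}",
            "uri": uri,
            "code": f"403.{sub}",
            "meaning": SUBSTATUS_403.get(sub, "see IIS sub-status list"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_403s(SAMPLE_LOG):
        print(hit["when"], hit["uri"], hit["code"], hit["meaning"])
```
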
  • any update?
    James Luo
    Wednesday, December 02, 2009 1:07 AM
    Excuse me, I have been away unexpectedly for a while.
    The update:
    1. Yes, that's true.
    3. No, no error event is logged in the event viewer.

    Troubleshooting update:
    1. Done, doesn't do anything (this is set on the front-end server).
    2. Done, doesn't change anything.
    3. This was already the case.
    4. Log already enabled, no info.

    Both links already tried.
    No success.
    Tuesday, December 15, 2009 9:13 AM
  • Hi All..


    This is my first post here. Has the above issue been resolved somehow? I am having this issue on Windows 2003 R2 SP2/Exchange 2003 SP2. Any help would be highly appreciated.


    Thank you all

    Tuesday, August 03, 2010 2:55 PM