Tom: I don't see any reference to the ability to change the passwords after implementing this update. Will I only see it if the password is expiring or must be changed (expired)?
When we used Exchange Server 2003 under ISA Server 2006 the firewall would warn me well in advance that my password was expiring and give me the opportunity to change it.. Changing to Exchange Server 2007 or some other modification has caused us to lose this ability. Now if a password is expired the firewall will just deny the logon without presenting the option to change the password.
I apologize for the ambiguity, but by "update" I meant configuring the ISA firewall to support LDAP authentication.
I fixed that particular issue by enabling the password management features on the listener for OWA. I had neglected to do this for my new server.
I have another problem, though. When I enable the functionality to change passwords and notify of expiration of passwords it takes about 25 seconds to login. As soon as I disable this feature I can login instantly. What is causing this delay? I saw your notes about how to deal with slow logins, but I am not sure any of those scenarios apply.
My ISA is not part of the domain and therefore uses LDAPS (without GC, to allow password management in FBA). It maps * to the right DC which works fine for all users that login with DOMAIN\USER. In fact, the ISA authentication ticket is recognized as a ticket destined for the internal domain DOMAIN.LOCAL.
That is why I'm having problems with the Outlook Autodiscover, since the users then login using their UPN, but using the external domain DOMAIN.COM instead of DOMAIN.LOCAL.
My question, therefore, is whether there is a solution for this, either:
configuring the AD to accept requests for DOMAIN.COM
configuring the ISA server to change the domain in its request to the LDAPS server?
I can't imagine to be the only one running into this issue, so I'm probably overlooking a very simple solution here
Edit: the solution was simple indeed - I'll post it in the thread mentioned above.
< Message edited by Arcesilaus -- 3.Sep.2008 6:08:06 PM >