• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Cannot change password through ISA 2006 FBA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Cannot change password through ISA 2006 FBA Page: [1] 2 3 4   next >   >>
Login
Message << Older Topic   Newer Topic >>
Cannot change password through ISA 2006 FBA - 20.Sep.2006 7:33:57 PM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi, we have a dual NIC ISA 2006 Standard with an Exchange 2003 single server setup. I have published OWA with FBA. It works fine but when i try to change the password after logging in to the FBA page a error occures displaying on page:
"An error occurred while trying to change the password. Please contact
technical support for your organization."
It works if you access the "Change Password" option in OWA -->Options, but not on the owa logon screen!!

ISA Server is member of target domain, no AD or DNS problems, the eventlogs is empty. Ideas ?
Regards,
Henrik


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga
Post #: 1
RE: Cannot change password through ISA 2006 FBA - 21.Sep.2006 6:41:03 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Henrik,

Did you enable password changing in the Web Publishing Rule?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hla123)
Post #: 2
RE: Cannot change password through ISA 2006 FBA - 21.Sep.2006 6:48:15 PM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi!
Yes, we have enabled both "change password" and "display notification when password expires". The options do show up on the logon page and you get the option to type in the new password. But when we click "ok" it generates the above message.

Regards,
Henrik


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga

(in reply to tshinder)
Post #: 3
RE: Cannot change password through ISA 2006 FBA - 21.Sep.2006 7:37:58 PM   
alans

 

Posts: 67
Joined: 8.Mar.2006
Status: offline
Hi,

I had a problem before where people couldn't change their passwords through their workstations only when the password expired could they change it. Someone changed the secuirty settings on AD to not allow users changing their passwords.

I'm geussing they can change their password on the local network? If not maybe it could be a the security issue on AD.

regards,

Alan 

(in reply to hla123)
Post #: 4
RE: Cannot change password through ISA 2006 FBA - 22.Sep.2006 9:20:29 AM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi, the users are able to change passwords in the network, and even through OWA --> Options --> Change Password option (IISADMPWD), but not directly at the FBA login interface.


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga

(in reply to alans)
Post #: 5
RE: Cannot change password through ISA 2006 FBA - 22.Sep.2006 3:27:01 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Henrik,

Is the ISA Firewall a domain member?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hla123)
Post #: 6
RE: Cannot change password through ISA 2006 FBA - 22.Sep.2006 5:40:58 PM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi Tom.
Yes, the ISA firewall is a domain member.


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga

(in reply to tshinder)
Post #: 7
RE: Cannot change password through ISA 2006 FBA - 23.Sep.2006 5:08:31 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Henrik,

OK, go it.

How are you delegating authentication?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hla123)
Post #: 8
RE: Cannot change password through ISA 2006 FBA - 23.Sep.2006 5:16:56 PM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi, we are using SSL with Basic Authentication.


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga

(in reply to tshinder)
Post #: 9
RE: Cannot change password through ISA 2006 FBA - 23.Sep.2006 5:20:16 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Henrik,

It really should work! I was testing the password change feature last week and it worked fine. Although, I have to say that it seemed a bit inconsistent. For example, I tried to change the Administrator's password and it would not work. Then I created a new user and that seemed to work. It even allowed me to create a new user, configure the acct to require a password change on first log on, and the password change notification showed in the FBA screen and the password change worked fine.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hla123)
Post #: 10
RE: Cannot change password through ISA 2006 FBA - 25.Sep.2006 2:33:21 PM   
TomG

 

Posts: 1
Joined: 25.Sep.2006
Status: offline
Hi,

I had the same problem. But now it works fine.
You need LDAPS on your DC. Please have a look at http://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx#AppendixB.
You need also perform the steps from KB321051.

Good Luck!
Tom

(in reply to tshinder)
Post #: 11
RE: Cannot change password through ISA 2006 FBA - 25.Sep.2006 4:16:44 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tom,

Yes, that's being covered in my article series on this site.

I guess I just assumed that LDAPS was being used.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to TomG)
Post #: 12
RE: Cannot change password through ISA 2006 FBA - 28.Sep.2006 4:50:17 PM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi guys. thanks for your replies. I will immediatly try this. I get back with the results :-)

Regards,
Henrik


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga

(in reply to tshinder)
Post #: 13
RE: Cannot change password through ISA 2006 FBA - 30.Sep.2006 5:25:13 PM   
alans

 

Posts: 67
Joined: 8.Mar.2006
Status: offline
Hi all,

I've got a different problem. My config:

I've got ISA 2006 in a single NIC config. Using LDAPS published to two front-end server with the web farm function. Exchange back-end running on DC and have certsrv installed.

I've got forms based authentication with the option to change passwords. The single nic ISA is in a dmz installed on a domain controller with CSS and a DC. We are planning to add another ISA 2006 machine for NLB which will also have DC and CSS running.

Everything thing seems fine rpc over https is working and OWA and OMA. Haven't tried active-sync yet but sure it will work.

The LDAPS rule is using a normal user account to check the status of the account.

When the user tries to change his password it gets denied with the following:
"The password supplied does not meet the minimum complexity requirements. Please try again"

The user is able to change his password on the desktop without anyproblems.

Any ideas.

Regards,

Alans

(in reply to hla123)
Post #: 14
RE: Cannot change password through ISA 2006 FBA - 3.Oct.2006 3:27:47 PM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi Tom x2!
It workes like a charm now. Thanks alot for your support!!!

Regards,
Henrik


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga

(in reply to alans)
Post #: 15
RE: Cannot change password through ISA 2006 FBA - 18.Jun.2007 10:16:02 AM   
frankenstein897

 

Posts: 34
Joined: 11.Apr.2007
Status: offline
So, to fix this you had to install a CA and enable LDAPS on all of the domain controllers?  Even though it was joined to the domain? The URL mentioned using LDAP to authenticate, I am use Active Directory.

(in reply to hla123)
Post #: 16
RE: Cannot change password through ISA 2006 FBA - 19.Jun.2007 9:47:18 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Frank,

It should work with domain membership, since domain membership is security best practice. I'm almost sure this will work -- let me check today.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to frankenstein897)
Post #: 17
RE: Cannot change password through ISA 2006 FBA - 20.Jun.2007 5:15:43 PM   
nkuchman

 

Posts: 2
Joined: 12.Jun.2007
Status: offline
ISA 2006 Standard / Domain member / LDAPS enabled to allow password.  Before enabling LDAP authentication forms logon was fast(half second) after enabling LDAPS authentication same form logon take 15 seconds. Does this sound like a configuration problem or is this normal?

(in reply to tshinder)
Post #: 18
RE: Cannot change password through ISA 2006 FBA - 21.Jun.2007 3:05:30 PM   
espsgroup

 

Posts: 16
Joined: 11.May2007
Status: offline
I have the same issue, I'm unable to change passwords at the ISA 2006 / OWA login screen due to "complexity issues". I was previously having trouble changing inside OWA but I added /IISADMPWD/* to the paths and made the appropriate IIS directories and registry changes on my Exchange servers.

We're using FBA with Active Directory so I don't have LDAPS to implement (or at least, I haven't enabled it). I double-checked that the listener is configured to allow password changing through ISA.

Any ideas?

The one thing I see that could be getting in the way is our ISA server is joined to a different domain than our internal users log into (and of which Exchange is a part of). It's part of an extranet domain which has one-way trust established with the internal domain. This ISA server was originally intended for our Sharepoint extranet, but I added a third interface and am using it for Exchange also. The ISA server physically has interfaces in the extranet as well as the internal (and thus has rules for each), but it authenticates via the extranet Active Directory. The extranet domain controllers have a one-way trust established to my internal domain controllers. Is there anything else that would need to be configured to allow password changing in this type of a scenario?


Thanks!

Jeff

(in reply to nkuchman)
Post #: 19
RE: Cannot change password through ISA 2006 FBA - 26.Jun.2007 9:42:17 AM   
ThijsD

 

Posts: 21
Joined: 31.Aug.2005
Status: offline
Hi Tom

Have you already had the time to check if LDAP over SSL is really necessary for the password management option to work, even if the ISA server is a domain member?

I have an ISA 2006 that is a domain member and I can't seem to get the password change to work succesfully... (I don't have LDAP over SSL configured)

Thank you
Best regards


(in reply to tshinder)
Post #: 20

Page:   [1] 2 3 4   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Cannot change password through ISA 2006 FBA Page: [1] 2 3 4   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts