Cannot change password through ISA 2006 FBA (Full Version)

All Forums >> [ISA 2006 Publishing] >> Exchange Publishing



Message


hla123 -> Cannot change password through ISA 2006 FBA (20.Sep.2006 7:33:57 PM)

Hi, we have a dual NIC ISA 2006 Standard with an Exchange 2003 single server setup. I have published OWA with FBA. It works fine but when i try to change the password after logging in to the FBA page a error occures displaying on page:
"An error occurred while trying to change the password. Please contact
technical support for your organization."
It works if you access the "Change Password" option in OWA -->Options, but not on the owa logon screen!!

ISA Server is member of target domain, no AD or DNS problems, the eventlogs is empty. Ideas ?
Regards,
Henrik




tshinder -> RE: Cannot change password through ISA 2006 FBA (21.Sep.2006 6:41:03 PM)

Hi Henrik,

Did you enable password changing in the Web Publishing Rule?

Thanks!
Tom




hla123 -> RE: Cannot change password through ISA 2006 FBA (21.Sep.2006 6:48:15 PM)

Hi!
Yes, we have enabled both "change password" and "display notification when password expires". The options do show up on the logon page and you get the option to type in the new password. But when we click "ok" it generates the above message.

Regards,
Henrik




alans -> RE: Cannot change password through ISA 2006 FBA (21.Sep.2006 7:37:58 PM)

Hi,

I had a problem before where people couldn't change their passwords through their workstations only when the password expired could they change it. Someone changed the secuirty settings on AD to not allow users changing their passwords.

I'm geussing they can change their password on the local network? If not maybe it could be a the security issue on AD.

regards,

Alan 




hla123 -> RE: Cannot change password through ISA 2006 FBA (22.Sep.2006 9:20:29 AM)

Hi, the users are able to change passwords in the network, and even through OWA --> Options --> Change Password option (IISADMPWD), but not directly at the FBA login interface.




tshinder -> RE: Cannot change password through ISA 2006 FBA (22.Sep.2006 3:27:01 PM)

Hi Henrik,

Is the ISA Firewall a domain member?

Thanks!
Tom




hla123 -> RE: Cannot change password through ISA 2006 FBA (22.Sep.2006 5:40:58 PM)

Hi Tom.
Yes, the ISA firewall is a domain member.




tshinder -> RE: Cannot change password through ISA 2006 FBA (23.Sep.2006 5:08:31 PM)

Hi Henrik,

OK, go it.

How are you delegating authentication?

Thanks!
Tom




hla123 -> RE: Cannot change password through ISA 2006 FBA (23.Sep.2006 5:16:56 PM)

Hi, we are using SSL with Basic Authentication.




tshinder -> RE: Cannot change password through ISA 2006 FBA (23.Sep.2006 5:20:16 PM)

Hi Henrik,

It really should work! I was testing the password change feature last week and it worked fine. Although, I have to say that it seemed a bit inconsistent. For example, I tried to change the Administrator's password and it would not work. Then I created a new user and that seemed to work. It even allowed me to create a new user, configure the acct to require a password change on first log on, and the password change notification showed in the FBA screen and the password change worked fine.

Tom




TomG -> RE: Cannot change password through ISA 2006 FBA (25.Sep.2006 2:33:21 PM)

Hi,

I had the same problem. But now it works fine.
You need LDAPS on your DC. Please have a look at http://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx#AppendixB.
You need also perform the steps from KB321051.

Good Luck!
Tom




tshinder -> RE: Cannot change password through ISA 2006 FBA (25.Sep.2006 4:16:44 PM)

Hi Tom,

Yes, that's being covered in my article series on this site.

I guess I just assumed that LDAPS was being used.

Thanks!
Tom




hla123 -> RE: Cannot change password through ISA 2006 FBA (28.Sep.2006 4:50:17 PM)

Hi guys. thanks for your replies. I will immediatly try this. I get back with the results :-)

Regards,
Henrik




alans -> RE: Cannot change password through ISA 2006 FBA (30.Sep.2006 5:25:13 PM)

Hi all,

I've got a different problem. My config:

I've got ISA 2006 in a single NIC config. Using LDAPS published to two front-end server with the web farm function. Exchange back-end running on DC and have certsrv installed.

I've got forms based authentication with the option to change passwords. The single nic ISA is in a dmz installed on a domain controller with CSS and a DC. We are planning to add another ISA 2006 machine for NLB which will also have DC and CSS running.

Everything thing seems fine rpc over https is working and OWA and OMA. Haven't tried active-sync yet but sure it will work.

The LDAPS rule is using a normal user account to check the status of the account.

When the user tries to change his password it gets denied with the following:
"The password supplied does not meet the minimum complexity requirements. Please try again"

The user is able to change his password on the desktop without anyproblems.

Any ideas.

Regards,

Alans




hla123 -> RE: Cannot change password through ISA 2006 FBA (3.Oct.2006 3:27:47 PM)

Hi Tom x2!
It workes like a charm now. Thanks alot for your support!!!

Regards,
Henrik




frankenstein897 -> RE: Cannot change password through ISA 2006 FBA (18.Jun.2007 10:16:02 AM)

So, to fix this you had to install a CA and enable LDAPS on all of the domain controllers?  Even though it was joined to the domain? The URL mentioned using LDAP to authenticate, I am use Active Directory.




tshinder -> RE: Cannot change password through ISA 2006 FBA (19.Jun.2007 9:47:18 AM)

Hi Frank,

It should work with domain membership, since domain membership is security best practice. I'm almost sure this will work -- let me check today.

Tom




nkuchman -> RE: Cannot change password through ISA 2006 FBA (20.Jun.2007 5:15:43 PM)

ISA 2006 Standard / Domain member / LDAPS enabled to allow password.  Before enabling LDAP authentication forms logon was fast(half second) after enabling LDAPS authentication same form logon take 15 seconds. Does this sound like a configuration problem or is this normal?




espsgroup -> RE: Cannot change password through ISA 2006 FBA (21.Jun.2007 3:05:30 PM)

I have the same issue, I'm unable to change passwords at the ISA 2006 / OWA login screen due to "complexity issues". I was previously having trouble changing inside OWA but I added /IISADMPWD/* to the paths and made the appropriate IIS directories and registry changes on my Exchange servers.

We're using FBA with Active Directory so I don't have LDAPS to implement (or at least, I haven't enabled it). I double-checked that the listener is configured to allow password changing through ISA.

Any ideas?

The one thing I see that could be getting in the way is our ISA server is joined to a different domain than our internal users log into (and of which Exchange is a part of). It's part of an extranet domain which has one-way trust established with the internal domain. This ISA server was originally intended for our Sharepoint extranet, but I added a third interface and am using it for Exchange also. The ISA server physically has interfaces in the extranet as well as the internal (and thus has rules for each), but it authenticates via the extranet Active Directory. The extranet domain controllers have a one-way trust established to my internal domain controllers. Is there anything else that would need to be configured to allow password changing in this type of a scenario?


Thanks!

Jeff




ThijsD -> RE: Cannot change password through ISA 2006 FBA (26.Jun.2007 9:42:17 AM)

Hi Tom

Have you already had the time to check if LDAP over SSL is really necessary for the password management option to work, even if the ISA server is a domain member?

I have an ISA 2006 that is a domain member and I can't seem to get the password change to work succesfully... (I don't have LDAP over SSL configured)

Thank you
Best regards





Page: [1] 2 3 4   next >   >>