While I love OWA, I despise the IISADMPWD utilities used for password management in IIS and OWA. While we’ve had problems with some of our mail-only users changing their password in OWA for months, it hasn’t been a priority to get it fixed. While downloading some new drivers today, I finally stumbled on MS KB 894825. One of the first things it states for IIS6 is the ensure you have the latest version of the IISADMPWD files. Well I don’t, so I have to contact Microsoft to get a hotfix for the files.
<rant>Why aren’t these files available via Windows Update or WSUS? And why do I have to run a bunch of command line utilities to get them installed after installing the hotfix?</rant>
I decided to try and fix things without waiting the 8 hours for MS to get back to me with the HotFix, as I think I’ve already installed it at some point in the past but I wasn’t sure. (Shame on me for bad documentation) I ran regsvr32 c:windowssystem32inetsrviisadmpwdiispwchg.dll from the command line on our Exchange server, and this seemed to immediately correct the error. I was able to change the password on my test user twice (once by setting the “force password change on next login” in AD, and once by using the Change Password option in OWA).
Now my problem seems to be I get prompted to log in again when the pop-up window displays. I’ve got the same settings for authentication on both virtual servers, but it appears the basic authentication doesn’t carry between the main window and pop-up window in IE7. So I disabled basic authentication on both the IISADMPWD and EXCHANGE virtual directories – no more prompts except when you change an expired password. Appearantly there isn’t anything that can be done here – so when you change an expired password via IISADMPWD, be sure to use your old password right after you click the change password button.
All in all, the problem is fixed but it’s still going to confuse my mail-only users. Alas…the phone calls keep coming in.
(Migrated from https://normesysadmin.blogspot.com 6/16/16)