Microsoft KB Archive/267596

= XWEB: How to Change OWA Passwords Through IIS =

PSS ID Number: 267596

Article Last Modified on 9/19/2003

-

The information in this article applies to:


 * Microsoft Exchange 2000 Server
 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q267596



SUMMARY
This article describes how to change Outlook Web Access (OWA) passwords through Internet Information Services (IIS).



MORE INFORMATION
To enable users to change OWA passwords through IIS, use the following steps on each IIS server to which Exchange users are redirected:  Install and configure Secure Socket Layer (SSL) on the server. For additional information about how to install and configure SSL on the IIS server, click the following article number to view the article in the Microsoft Knowledge Base:

324069 HOW TO: Set Up an HTTPS Service in IIS

 Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. Right-click the default Web site, point to New, and then click Virtual Directory. In the Virtual Directory Creation Wizard, type IISADMPWD in the Alias box, and then click Next. In the Directory box, type :\winnt\system32\inetsrv\iisadmpwd (where   is your default hard disk), and then click Next. Verify that only the read and run script check boxes are selected (such as the ASP check box), click Next, and then click Finish. Verify that the Iisadmpwd folder has the Anonymous Access authentication method enabled. Note that you can select other authentication types, but you must also select the Anonymous Access authentication method.

NOTE: If you do not enable the Anonymous Access option, the client and server go into an endless loop when you attempt to authenticate users who are prompted to change an expired password. For example, if a user navigates to the site and is prompted for a password but their password has expired, the first page that they tried to access redirects them to the password expiry page. The password expiry page challenges the user, but because the user is not authenticated on the first page, the second page refuses the connection because the password has expired. When this occurs, the user is redirected back to first page, the first page redirects the user to the second page, and so on.For additional information about a fix for this looping behavior, click the article number below to view the article in the Microsoft Knowledge Base:

275457 IIS 5.0 May Loop Infinitely When A User Is Forced to Change Their Password

</li> Zero is the default value for the PasswordChangeFlags setting, but the following steps can be used to change or confirm the setting. To change the Metabase PasswordChangeFlags setting to zero (0), you must first change it to the \inetpub\adminscriptsfolder on your hard drive: <ol style="list-style-type: lower-alpha;"> At a command prompt, type cd \:inetpub\AdminScripts.

For example:

cd c:\inetpub\AdminScripts

</li> At the \:inetpub\adminscripts> prompt, type the following command:

adsutil.vbs set w3svc/passwordchangeflags

NOTE: The following values are options for the PasswordChangeFlags setting: <ul> 0: Requires password change by SSL</li> 1: Allows password change by non-secure ports</li> 2: Disables password changes</li> 4: Disables advance notification of expiration</li></ul> </li></ol>

The following example shows how to change the Metabase PasswordChangeFlags setting to 0:

cd c\:inetpub\AdminScripts

>adsutil.vbs set w3svc/passwordchangeflags 0

</li> Access the mailbox by using the following address (where  is the server name and   is the mailbox:

https:// /exchange/

</li> When you type the account information in the Aexp.htr or the Aexp.asp page (or on the Aexp3.htr/Aexp3.asp page if you are accessing it from a nonsecure URL), you must type.

In Internet Information Server (IIS) 4.0 and in Internet Information Services (IIS) 5.0, the change password functionality is handled through an ISAPI extension, Ism.dll. This component has been removed from Internet Information Services versions 5.1 and 6.0, and the change password functionality has been modified to use Active Server Pages (ASP). A package that can be downloaded has been created to deliver this ASP functionality for servers that are running IIS 5.0 on Microsoft Windows 2000 Server Service Pack 3 (SP3) or for servers that are running IIS 4.0 on Microsoft Windows NT 4.0 Server Service Pack 6a (SP6a).

Note This package has been tested and approved for use with Microsoft Exchange Server 5.5 and with Exchange 2000 Server Outlook Web Access. Because OWA references these files with an .htr extension, if you manually rename the files OWA cannot use the change password functionality. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

331834 IIS: Change Password Functionality Replaced with Active Server Pages

</li></ol>

Additional query words: change password

Keywords: kbhowto KB267596

Technology: kbExchange2000Search kbExchange2000Serv kbExchange2000ServSearch kbExchangeSearch kbiis500 kbiisSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.