Microsoft KB Archive/297970

= Outlook Mobile Access and Personalization Page Is Accessible When You Use an Old Password =

Article ID: 297970

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Mobile Information Server 2001 Enterprise Edition

-



This article was previously published under Q297970



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
After you change the password to your user account, you may still be able to log on to the Personalization page and Outlook Mobile Access for Exchange Server 5.5 using the old password. However, if you wait a period of time (30 minutes to hour), you are unable to use the old password. During this time, after the password is changed, you can log on using both the new password and the old password.



CAUSE
This issue can occur because the password and other parts of your user object are cached by Internet Information Server (IIS) for up to 15 minutes by default. These items are cached for performance reasons.



RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, adjust this timeout value:  Start Registry Editor (Regedt32.exe) on the IIS server that the user accesses OWA on. Locate the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

 On the Edit menu, click Add Value, and then add the following registry value:

Value Name: UserTokenTTL (This value is case sensitive.)

Data Type: REG_DWORD

Value Range: 0 - 0x7FFFFFFF (This unit is in seconds.)

 Quit Registry Editor. You do not have to restart the computer or any services for the change to be applied.



WORKAROUND
To work around this issue, restart the World Wide Web Publishing service to temporarily clear the credentials cache.

<div class="status_section">

STATUS
This behavior is by design.

<div class="moreinformation_section">

MORE INFORMATION
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

267568 XWEB: Old Password Still Works After You Change It Through Outlook Web Access

Additional query words: remember save change login logon expired previous last

Keywords: kbbug KB297970

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.