Microsoft KB Archive/894825

= Troubleshoot problems with the Password Change pages that are included in IIS =

Article ID: 894825

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Services 6.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Server 4.0

-





SUMMARY
This article describes how to troubleshoot the different problems you may experience when you use the Password Change pages that are included with Microsoft Internet Information Services (IIS).



INTRODUCTION
The Password Change pages that are included with IIS let you change user account passwords in a Web page. In each version of IIS, you may experience problems when you use the Password Change pages. This article helps you troubleshoot problems that you may experience and provides steps to make sure that you are using the latest version of the Password Change pages for each version of IIS.



Install the latest Password Change pages
Before you start to troubleshoot the problem, make sure that you have the latest Password Change pages.

IIS 4.0
Note Because Microsoft Windows NT 4 is no longer a supported operating system, the pages that are included with IIS 4.0 will not be updated to address any problems. However, you can try to update the files by using the files that are included with Windows 2000.

The pages that are included with Windows NT 4.0 Option Pack use the Ism.dll ISAPI extension. Because of the security problems that are associated with this extension, we recommend that do the following:
 * Upgrade these pages to the latest version that use the Asp.dll ISAPI extension for their execution.
 * Use the Active Directory Service Interfaces (ADSI) technology for the functionality of the pages.

To do this, follow these steps:  Install the Active Directory Client Extensions for NT Workstation 4.0. For more information, visit the following Microsoft Web site:

http://www.microsoft.com/ntworkstation/downloads/Other/adclient.asp

 Back up the existing Iisadmpwd folder, and then install the HTR-2-ASP Windows NT 4.0 Package. Make sure that the HTR pages are mapped to Asp.dll, and make sure that the pages in the Iisadmpwd folder are correctly updated. After you update the HTR pages to use the Microsoft ASP technology, contact Microsoft Product Support Services to receive and to install the hotfix that is described in the following Microsoft Knowledge Base article:

831047 FIX: You experience various problems when you use the Password Change pages in IIS 5.0

Note Because Microsoft Windows NT 4 is no longer a supported operating system, the pages that are included with IIS 4.0 will not be updated to address any problems. However, you can try to update the files by using the files that are included with Windows 2000.

IIS 5.0 pre-Service Pack 4
If IIS 5.0 is not upgraded to Windows 2000 Service Pack 4 (SP4), the Password Change pages still use the Ism.dll ISAPI extension. Because of the security problems that are associated with this extension, we recommend that you do the following:
 * Upgrade these pages to the latest version that use the Asp.dll ISAPI extension for their execution.
 * Use the ADSI technology for the functionality of the pages.

To do this, follow these steps:  Download the installation package for Microsoft Windows 2000 Service Pack 2 (SP2) or Windows 2000 Service Pack 3 (SP3). After you install the HTR-2-ASP Windows 2000 Package to make the HTR pages use Asp.dll, contact Microsoft Product Support Services to receive and to install the hotfix that is described in the following Microsoft Knowledge Base article:

831047 FIX: You experience various problems when you use the Password Change pages in IIS 5.0

</li></ol>

IIS 5.0 post-Service Pack 4
If IIS 5.0 has been upgraded to Windows 2000 Service Pack 4, contact Microsoft Product Support Services to receive and to install the hotfix that is described in the following Microsoft Knowledge Base article:

831047 FIX: You experience various problems when you use the Password Change pages in IIS 5.0

IIS 6.0
When you are running IIS 6.0, contact Microsoft Product Support Services to receive and to install the hotfix that is described in the following Microsoft Knowledge Base article:

833734 FIX: You experience various problems when you use the Password Change pages in IIS 6.0

Troubleshooting
After you have verified that you have the latest files installed, if you are still running into problems when you use the Password Change pages, see the following sections to help troubleshoot any problems.

Anonymous User configuration
Make sure that the Anonymous User is the same for both of the following locations:
 * The Iisadmpwd virtual directory
 * The Web site that the Iisadmpwd virtual directory is under

Additionally, make sure that the Anonymous User has appropriate logon permissions on the IIS Web site even if you may not use Anonymous Access on any one of your Web pages. To test whether the anonymous user has the correct permissions on the IIS Web site, configure a simple Web page that only has Anonymous Access as the authentication. Then, try to open that Web page in Microsoft Internet Explorer.

You receive an &quot;Object Required&quot; error message
To resolve this problem, register the Iispwchg.dll file. To register this file in IIS 4.0 and in IIS 5.0, type the following command at a command prompt:

regsvr32 c:\winnt\sytem32\inetsrv\iisadmpwd\iispwchg.dll

To register the file in IIS 6.0, type the following command at a command prompt:

regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll

You receive an Error -2147022675 &quot;User Not Found&quot; error message
Verify that you correctly entered the user name. If no text box exists to enter the domain name separately, make sure that you enter the user name in either the  \  format or in the  @  format.

You receive an Error -2147023545 &quot;Cannot Access Domain Info&quot; error message
Verify that the computer that is running IIS can access the domain controller for the domain that you are running on. Additionally, make sure that you are using a valid domain name.

You receive an Error -2147024845 &quot;Network communication problem&quot; error message
This error message translates to a network error message where the computer that is running IIS cannot communicate with the remote computer. Make sure that the domain controller is available for the domain in which you are trying to change the password. Also, make sure that the domain controller for the domain can communicate with the computer that is running IIS.

You receive an Error -2147023569 &quot;Account Restriction&quot; error message
Make sure that no domain policy is in effect that prevents the user from changing the password. For example, a MinPasswordAge property restriction or a logon hour restriction may be in effect.

You receive a &quot;File Not Found&quot; error message
Typically, this problem occurs when you click Change Password in a Microsoft Outlook Web Access (OWA) client. This problem occurs when one of the following conditions is true:
 * Condition 1: You run a Microsoft Exchange Server 2003 front-end server on IIS 5.0. However, your back-end server is an Exchange 2003-based server that is running on a Windows Server 2003-based computer. In this case, OWA tries to find the Aexp2b.asp file, and this file does not exist on IIS 5.0. To work around this problem, make a copy of the Aexp2b.htr file that is in the Iisadmpwd folder. Then, rename the file Aexp2b.asp.
 * Condition 2: You are running an Exchange 2003 front-end server on IIS 6.0. However, your back-end server is an Exchange 2000-based server that is running on a Windows 2000-based computer. In this case, OWA tries to find the Aexp2b.htr file, and this file does not exist on IIS 6.0. To work around this problem, make a copy of the Aexp2b.asp file that is in the Iisadmpwd folder. Then, rename the file Aexp2b.htr. Additionally, you must add a mapping for the .htr extension to be processed by Asp.dll in the Iisadmpwd virtual directory.
 * Condition 3: You run an Exchange 2003 front-end server on IIS 6.0. However, your back-end is an Exchange 2003-based server that is running on a Windows 2000-based computer. In this case, OWA tries to find the Aexp2b.htr file, and this file does exist on IIS 6.0. To work around this problem, make a copy of the Aexp2b.asp file that is in the Iisadmpwd folder. Then, rename the file Aexp2b.htr. Additionally, you must add a mapping for the .htr extension to be processed by Asp.dll in the Iisadmpwd virtual directory.

In Condition 2 and in Condition 3, you must add a mapping for the .htr extension in the Iisadmpwd virtual directory. To do this, follow these steps:  Click Start, click All Programs, click Administrative Tools, and then click Internet Information Services (IIS) Manager.</li> Locate and then right-click the IISADMPWD virtual directory, and then click Properties.</li> In the Properties dialog box, on the Virtual Directory tab, click Configuration.</li> In the Application Configuration dialog box, click the Mappings tab.</li> If you have a mapping for the .htr extension that is mapped to C:\Windows\System32\Inetsrv\Asp.dll, skip the rest of the steps. If you do not have a mapping, click Add.</li> In the Add/Edit Application Extension Mapping dialog box, type the following text in the Executable box:

C:\Windows\System32\Inetsrv\ASP.DLL

</li> In the Extension box, type .HTR .</li> Under Verbs, click to select the Limit to check box, and then type GET,POST in the box.</li> Make sure that both the Script engine check box and the Verify that file exists check box are selected.</li> Click OK two times to save the changes.</li></ol>

The user name is not populated
This behavior is a side effect of using Anonymous Authentication on the Iisadmpwd virtual directory. If the user name must be populated, disable Anonymous Authentication so access to this virtual directory can be authenticated. If you do this, the Password Change pages can obtain the authentication information.

The specified user name contains characters that are not valid
Make sure that the user name only contains characters that are valid. If this problem still occurs, upgrade to the latest script engine. This error occurs because problems occur when the script engine tries to perform a regular expression match of the user name against a set of characters that are not valid. To obtain the latest version of the scripting engine, visit the following Microsoft Developer Network (MSDN) Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=01592C48-207D-4BE1-8A76-1C4099D7BBB9&displaylang=en

When you click OK, you are prompted to submit the Password Change credentials
This problem can occur if the client has not authenticated to IIS before the client submits the request. Typically, this problem occurs in OWA when the following conditions are true:
 * Basic Authentication is enabled on the Iisadmpwd virtual directory and on the Exchange virtual directory.
 * Exchange is using Owaauth.dll to control the logon to OWA.

When you are prompted for credentials, make sure that you enter the old password that you are trying to change. Enter the old password because you are still changing the password when you click OK. Only enter your new credentials after you receive the message that the password was successfully changed.

Server object ASP 0177 Class Factory could not supply requested class
After you apply IIS 5 SP4 on the IIS 5-based Web server, if you click Password Change, you receive the following error message:

Server object ASP 0177 Class Factory could not supply requested class. IISadmpwd/aexp2b.htr, line 61&quot; IISadmpwd/aexp2b.htr, line 61 is Set objNet = Server.CreateObject(&quot;WScript.Network&quot;)

WScript is part of the Windows Script Components. To download the Windows Script Components, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=c717d943-7e4b-4622-86eb-95a22b832caa&DisplayLang=en

If Windows Script Host is already installed, resolve this problem by registering %systemroot%\System32\Wshom.ocx.

<div class="references_section">