7

Here's our problem, users who want to change their password trough OWA get this error "The password you entered doesn't meet the minimum security requirements.", even if users are respecting the minimum security requirements.

With these settings, we have the error:

Enforced password history                          1 passwords remembered
Maximum password age                               185 days 
Minimum password age                               1 day
Minimum password length                            7 characters
Password must meet complexity requirements         enabled

With these test settings, we don't have an error:

Enforced password history                          not defined
Maximum password age                               not defined 
Minimum password age                               not defined
Minimum password length                            not defined
Password must meet complexity requirements         not defined

People can change their password but there is no more security!

Just changing one parameter of the GPO for example "Enforced password history", brings back this error.

Here's our server configuration :

Windows Server 2008 R2

Exchange Server 2010 
Version: 14.00.0722.000

If anybody has a clue it would very helpful !

Rémy Roux
  • 73
  • 1
  • 1
  • 3
  • Version: 14.0 is pre-SP1 correct? I believe that this is a bug SP1 fixes. – colealtdelete Aug 16 '11 at 21:30
  • I believe what you are referring to, is the ability to change EXPIRED passwords via OWA in Exchange 2010 SP1. You should still be able to change a non-expired password in Pre-SP1. – HostBits Aug 16 '11 at 21:43
  • We were not referring to expired passwords. Even if the password is valid it cannot be changed. We still get a "The password you entered doesn't meet the minimum security requirements." – Rémy Roux Aug 17 '11 at 14:50

3 Answers3

6

We had a similar issue. It was solved by setting the "Minimum password age" to 0 days.

Setting it to 1 day will prevent users from modifying their password if it is less than a day old, meaning that if it was just reset or changed for testing purposes, you will have to wait 24 hours to change it again.

Leave the complexity requirements as is, and set the minimum password age to 0 and try again.

kkr16
  • 96
  • 1
  • 3
1

I'd suspect the users AREN'T meeting the minimum security requirements if they are receiving that message. I wouldn't be surprised if the issue was with the Complexity Requirements being enabled. As per Technet:

Passwords must meet complexity requirements determines whether password complexity is enforced. If this setting is enabled, user passwords meet the following requirements:

The password is at least six characters long.
The password contains characters from at least three of the following:
    English uppercase characters (A - Z)
    English lowercase characters (a - z)
    Base 10 digits (0 - 9)
    Non-alphanumeric (For example: !, $, #, or %)
    Unicode characters
The password does not contain three or more characters from the
    user's account name.

I'd say try disabling the Complexity Requirements to test again.

HostBits
  • 11,776
  • 1
  • 24
  • 39
  • The user has entered the minimum security required. When we type the password in OWA the error appears, but no error with the same password typed in Active Directory. We have already tested with Complexity Requirements disabled. – Rémy Roux Aug 17 '11 at 14:51
0

Issue was resolved by:

  1. Start IIS on Exchange Server
  2. Select Default Web Site
  3. Expand sub-sites
  4. Select OWA
  5. On right, double click Modules
  6. On Far right pane, click “Configure Native Modules”
  7. Check exppw, then click ok
  8. Reset IIS