3

When we provision users we set the "User must change password at next logon" flag and instruct them to go to OWA to login for the first time and change their password. Using the registry setting ChangeExpiredPasswordEnabled as explained here:

http://technet.microsoft.com/en-us/library/bb684904.aspx

worked well prior to SP2 installation. This allows users with 'expired' passwords to logon and forces a password change before they can access OWA. We just installed Exchange 2010 Service Pack 2 and now it's no longer working. Users with this flag set ('expired' passwords) can't login in at all unless we clear the flag.

FYI here's the registry key configuration as set now with SP2 installed: enter image description here

Any suggestions as to how I might fix this? Or did MS break this feature in Service Pack 2?

JJ.
  • 203
  • 2
  • 10

4 Answers4

2

The problem in my case was a trailing space character on the registry key, likely due to a copy-paste from the web, ie. I had:

'ChangeExpiredPasswordEnabled '

vs.

'ChangeExpiredPasswordEnabled'

and thus the setting was not detected. Removing the trailing space character resolved the issue.

JJ.
  • 203
  • 2
  • 10
1

I found found that this works. 

Log on to the Client Access Server
Click on Start, Run and type in regedit and click on OK
Expand HKEY_LOCAL_Machine
Expand System
Expand CurrentControlSet
Expand Services
Click on MSExchange OWA
Right-click on the right hand side pane, click on New  and then DWORD (32 bit) value
Let’s name the key ChangeExpiredPasswordEnabled and its value will be 1,

Referance is here

Zapto
  • 1,824
  • 6
  • 23
  • 39
  • Thanks, but as I explained above, this is what we used successfully prior to the SP2 upgrade. The registry key is still there, but it is having no effect in SP2. – JJ. Jan 11 '12 at 06:25
  • Have tou checked to see if the red key is still there after sp2 it MIG have removed it. – Zapto Jan 11 '12 at 06:43
  • Do you mean registry key? Yes it is still there following the upgrade - I have checked. – JJ. Jan 11 '12 at 12:35
  • FYI I posted a screenshot of my registry setting above. – JJ. Jan 11 '12 at 13:37
1

I have configured Exchange 2010 SP2 for OWA with ChangeExpiredPasswordEndbled set to 1 , restarted IIS with IISreset , The prompt to change the expried password shows up but it will not change the password. Same as the problem above.

Solution: In my case uninstalling or disabling our antivirus software resolved the problem.

Johnny Dogulas
  • 11
  • 2
1

In my case, the exppw module (exppw.dll) was not include in the OWA module in IIS. I have been working with this issue with no joy until today. It was just so happen that I was checking the logon.aspx in OWA and saw the exppw.dll. So I check IIS if this dll is registered. It is registered but the OWA virtual directory does not include this module. After adding the module then recycle MSExchangeOWAAppPool, the OWA change password screen appears when I login using an account that needs password to be change on next logon.

kenchix
  • 31
  • 3