Users cannot change their password through OWA 2007

Hi,

I have read this before and just tried it out on my lab and it seemed to work ok for me. If you are CERTAIN that your policy is ok you may want to try this to register the DLL.

"regsvr32 C:\WINDOWS\system32\inetsrv\iisadmpwd\iispwchg.dll"

and then reset the IIS with the command
"iisreset /noforce"

I completed this twice and as I said it seems to work ok in my lab.

FIX: You experience various problems when you use the Password Change pages in IIS 6.0
http://support.microsoft.com/kb/833734

Error message when you try to use Outlook Web Access in Exchange 2007 to change an expired domain password: "Error: Object required"
http://support.microsoft.com/kb/932439

Registered the dll, and ran through the checklist in the IIS6 KB, but it has not helped, same issue comes up.

You may need to call MS PSS as I have not found any other solutions to this issue. Anyone actually resolved this using another method?

If you do fix this please update us so that we may all learn from your experience.

Thanks.

LeeDerbyShire, no luck there either.

well, the solution was pretty close to what LeeDerbyShire mentioned. MS Support advised me to change the Minimum Password Age to 0 days, which allowed a few of our test accounts to change their passswords.

The only thing I am confused about is that even if the time between password changes was more than a few days, it still did not allow people to change it. For instance, we give a user a default password, then they try to change it after a few days, but it would not have let them. Others however (like myself) were able to change our PWs through OWA just fine.

In any case, I'll submit the question to be closed, and award the points to Lee since he was on the right track with his suggestion. Thanks!

I've had similar problems with this kind of thing.  Probably because I don't know enough about it, but I found that if you have conficting settings in things like Local Computer Policy, Domain Controller Security Policy, and Group Policy, then it can be hard to work out which one has precedence.  It's probably easy enough for someone who knows the subject well enough, but I always found it confusing.

To LeeDerbyshire -
I know this issue is closed, but I just wanted to drop hopefully an explanation regarding policy application in domains.
Local Policy is always applied first
Followed by Site Policie(s) (if configured)
Followed by Domain Policie(s)
Followed by Organizational Unit Policies
If there are any conflicting polices, the last one applied wins! (There's a whole other issue when there are multiple policies per scope - but that's for another day.)
For domain PCs, it is pretty pointless to configure Local Policies, because they will simply be overwritten. Laptops are another story - if you want travelling employees to be affected by policies, then you may want to configure local policies on their laptops to closely resemble what they would experience in the office - up to you..

As a final note - and I admit my memory may be faulty here, but I beliieve there are specific policies - namely Account Policies - that can only be configured at the domain level; that is they can be configured elsewhere, but it will be wasted effort as the system will ignore the settings.

I hope this helps.
Cheers

Thanks ldrose537 - I'll write that down and save it somewhere.

Ive got the EXACT same issue :(

Please can someone help with this, as its inconsistent. I can change passwords for my OWA 2007 account, yet some users cannot. Please help, ive checked GPO's and its set as 42 days, but even on creating a test AD account, I couldnt change it after the minimum 1 day set.

k3t4n, did you try to set it down to 0 days?

parin,

tried this and YES it now works! users are able to use their Outlook web access portal and change passwords on the fly, WHILST enforcing the 'remember last 24 password ' history option.

thanks for this.
Regards

Glad to hear it works

I changed from 1 day rememberance to 0 days and it worked flawlessly! Thank you.