• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 901
  • Last Modified:

Can't authenticate via IIS with User Must Change Password at next Logon

Hey Experts,

I'm having an odd issue. A coworker installed sharepoint on an IIS server and I'm not sure what else was done, but now no users can authenticate via ANY IIS server when the User Must Change Password at next Logon is selected. Otherwise it authenticates fine. I thought it might have been because he wiped out the IISADMPWD feature on that one partifuclar server, but no IIS server allows me to authenticate/change password anymore. please advise!
0
njmatt
Asked:
njmatt
  • 8
  • 6
1 Solution
 
Ron MalmsteadInformation Services ManagerCommented:
This behaviour is by design.  Once a password expires, access to all domain resources is chopped.

The user would have to logon to the domain first, and set their new password in order to access the sharepoint server.

Once they've done this, there should be no authentication prompt.
If a user is working remotely,....you can set the password for them, and they can continue normally.
0
 
njmattAuthor Commented:
Understood, but it has always prompted for a password-change up until recently right within the browser using IISADMPWD.
0
 
Ron MalmsteadInformation Services ManagerCommented:
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
njmattAuthor Commented:
thanks. I just discovered that Firefox gets the change password screens, but IE does not and fails to authenticate. Any ideas what would cause this now?
0
 
Ron MalmsteadInformation Services ManagerCommented:
Try putting it in the trusted sites zone,...or allowing popups for the sharepoint site.
0
 
njmattAuthor Commented:
OK that allowed me to the change password screen in IE. I've now narrowed it down to the wildcard application maps (JRUN) that do not forward you to the password change screen. ???
0
 
njmattAuthor Commented:
that is, in IE only. firefox everything works. IE everything works except the wildcard apps (domain.com/app)
0
 
Ron MalmsteadInformation Services ManagerCommented:
Since the wildcard mappings for CGI apps are working without issue in Firefox, it's implied to me that this is probably some security setting in IE.  I would think if it were a configuration error on the server that it wouldn't work at all.

agree ?

So at least we have it popping up now....  but the obvious question remains...  what has changed ?
Any windows updates that were recently applied ? Group policy changes ?

Just as a test...temporarily lower your security level on the trusted sites zone.  Set it all the way to low and give it a try.
0
 
Ron MalmsteadInformation Services ManagerCommented:
after the password prompt...what page error number are you getting right now if any ?

0
 
njmattAuthor Commented:
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)
0
 
njmattAuthor Commented:
it also should be locking me out for so many failed attempts, but it does not
0
 
njmattAuthor Commented:
to further complicate things I just tried logging into outlook web acces on a competely different IIS server and it has the same behavior with "Error: Access denied"
what dot he wildcard apps and OWA have in common?
0
 
Ron MalmsteadInformation Services ManagerCommented:
401.2 Denied by Server Configuration
This error indicates that the web server is configured to require certain authentication protocols for communication, but the browser failed to use any of those authentication protocols. The corrective action should be to either configure to require an authentication protocol acceptable to the client, or use a client that satisfies the server authentication protocol requirements.

Obviously a browser issue.

David Wang is a genius....read this.
http://blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx

See the attached pic.... what does you settings in IE look like ? and is it controlled by group policy or no ?
IE-Advanced-Settings.JPG
0
 
njmattAuthor Commented:
thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now