Solved

forefront tmg 2010 sp2 rollup 3 enforce password change from AD not working

Posted on 2013-02-04
4
1,060 Views
Last Modified: 2013-04-22
Hi all,

We have installed Forefront tmg 2010 sp2 rollup 3 and it is being used by Sharepoint and OWA.

We applied this Cscript EnableHotfix957859.vbs /webListener:<listener name> /Value:true for the OWA and Sharepoint Listeners.

Now we are enforcing a user to change the password from AD and if you enter correct username and any password a prompt will follow and ask you to change password. If we remove the enforce password from AD and test again with any password it says incorrect password.

Can you please inform us what the problem might be?
0
Comment
Question by:casscar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38853813
That is a very old hotfix which I used to use with ISA server, wasn't aware it also applied to TMG. The TMG is domain joined? Only the one TMG node?

What traffic are you seeing in the TMG realtime viewer during the password challenge stage?
Have you run a net monitor capture during the same stage to check the activity?

Keith
0
 

Author Comment

by:casscar
ID: 38853993
Hi Keith,

Do you have an idea what was the hotfix? No the TMG is not a member of the domain.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 38856302
Sure, this is a link to the text - and I note that it now includes TMG - but i guess this is what you have already applied.
http://support.microsoft.com/kb/957859

So you are connecting TMG to ad how for the pass through? LDAP? LDAPS?
If TMG is not domain-joined, I assume TMG is deployed with a single NIC in the DMZ? If so, what is between TMG and the AD controller(s) on the inside?

Feedback on my questions from earlier?
0
 

Author Closing Comment

by:casscar
ID: 39099957
Thanks all
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question