Users unable to change Exchange password through Outlook

Hello All, so here is a description of the issue we are experiencing.
Recently we enabled password expiration policies in our Exchange 2003 environment. In our environment we have two domains.
(Domain A = all Windows users and services; Domain B = only Exchange users and services)
We have a mixed environment of Outlook 2003, 2007, and 2010. The issue is, when a user's password expires and they receive a prompt in Outlook to change their password, it will not allow them to change it, regardless of the password's complexity level/format. In the password change dialogue the domain name "Domain B" is entered into the domain field, as is the username and the server name. However, each time the user enters a new password they get an error message stating "Your Windows password could not be changed. To change your password, you must log on to your organization's network or contact your system administrator."
So each time the password expires we have a huge influx of users calling in with locked accounts who can't change their password through Outlook. We usually will log into their PC, then RDP to the Exchange server and use ADUC and have them enter a new password there. Very lengthy process, as you can imagine.
Any idea on what might cause this issue?
CKabs Asked:

SreRaj Commented:
Hi,

If Outlook is using RPC-HTTP to connect to Exchange Server, then change of password through Outlook is not supported.

http://support.microsoft.com/kb/895276

Change your network password by using any one of the following methods that are available in your environment:
• Log on through a VPN connection to the network.
• Log on to the Local Area Network (LAN).
• Use the Internet Information Server (IIS) Change Password feature with Outlook Web Access (OWA). For information about how to configure the IIS Change Password feature, see the following article from the Microsoft Knowledge Base.

http://support.microsoft.com/kb/297121
0
Vijaya Babu Sekar, Associate Ops Manager, Commented:
Exchange Server will not allow changing the password through Outlook, so you may try to change the password through OWA or a corporate system (LAN).

Thanks
0
CKabs (Author) Commented:
SreRaj: As far as I know we do not use RPC over HTTP; we are using MAPI in our Outlook clients.

ViJay: This is not an OWA issue. Please read the question in more detail before responding...
0

SreRaj Commented:
Is Domain B a child domain of Domain A? Users having mailboxes are in Domain B, so are they logging in to Domain B on the workstation? If so, can't they change the password on the workstation using the Ctrl + Alt + Delete -> Change Password option?
0
CKabs (Author) Commented:
SreRaj: No, the two domains are completely separate. The users never actually log into a workstation with the credentials they use to log into Outlook. Herein lies the issue: Outlook does not allow users to change their password.
0
SreRaj Commented:
There is a known issue for this scenario. Since the Outlook account is in a separate domain, when the user tries to change the password, the Outlook client will not be able to find the Primary Domain Controller Emulator (PDC Emulator) for that domain. Exchange Server is responsible for giving this information. If the domain to which the user logs on is the same as the domain for the account used in Outlook, then this issue will not happen.

In order to fix this issue, you need to create the following registry key on the PDC Emulator server in the domain where the Exchange accounts are hosted. To find the PDC Emulator, you could run the command 'netdom query fsmo' from a command prompt. The following registry key is case dependent.

1. Start Registry Editor (Regedt32.exe).
2. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:
   SYSTEM\CurrentControlSet\Control\LSA
3. If you are using Windows NT, on the Edit menu, click Add Value.
   Note: If you are using Windows 2000, on the Edit menu, point to New, and then click DWORD Value.
4. Add the following value, depending on which protocol is shared between the clients and the PDC:
   TCPIPClientSupport
5. If you are using Windows NT, in the Data Type field, select REG_DWORD, and then click OK.
6. In the DWORD editor, in the Data field, type 1.
7. Click OK. The new value appears.
8. You must restart the PDC for the changes to take effect.

Ref: http://support.microsoft.com/kb/236111
0
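
The registry steps from the answer above, written as a batch file with a backup and a read-back check. This is an added example, not part of SreRaj's post or the referenced KB article; it assumes it is run as an administrator on the PDC Emulator itself, and the backup file name is a made-up placeholder.

```bat
@echo off
rem Added example: run on the PDC Emulator of the domain hosting the Exchange accounts.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\LSA"
set "VAL=TCPIPClientSupport"
rem Hypothetical backup location; change it to suit your environment.
set "BACKUP=%TEMP%\lsa-before-change.reg"

rem Confirm which server holds the PDC role before touching anything.
netdom query fsmo

rem Keep a copy of the key so the change can be rolled back.
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Could not export %KEY%, aborting without changes.
    exit /b 1
)

rem Record the current state; reg query returns 1 when the value is absent.
reg query "%KEY%" /v %VAL% >nul 2>&1
if errorlevel 1 (
    echo %VAL% is not present and will be created.
) else (
    echo Current setting:
    reg query "%KEY%" /v %VAL%
)

rem Create the DWORD with the exact spelling given in the post and set it to 1.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 1 /f
if errorlevel 1 (
    echo reg add failed. Check that this prompt is running as an administrator.
    exit /b 1
)

rem Read the value back to verify it, then remind about the restart.
reg query "%KEY%" /v %VAL%
echo Restart this PDC for the change to take effect.
endlocal
```

Keeping the exported .reg file alongside the change record gives a one-step rollback if the restart has side effects.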

CKabs (Author) Commented:
Hey SreRaj, I know it's been a while since I checked this post. I lost access to my EE account for a short time. I have applied this reg fix and scheduled a reboot of the Exchange server tonight. I will post back an update tomorrow and close the question if all goes well. Thanks for posting that info!
0