<div>
Thanks. &nbsp;Here is another KB I found, which seems to be the same information. &nbsp;<a href="http://support.microsoft.com/kb/267568" rel="ugc nofollow">http://support.microsoft.com/kb/267568</a><br />
<br />
I'm currently running Exchange 2013 running on server 2012R2, with IIS 8.5
</div>


Thanks.  Here is another KB I found, which seems to be the same information.  http://support.microsoft.com/kb/267568 [http://support.microsoft.com/kb/267568]

I'm currently running Exchange 2013 running on server 2012R2, with IIS 8.5

<div>
<div class="content wysiwyg-content">
A user just came to me to say he changed his password and then noticed that he can log into OWA using both the old and new password.<br />
<br />
I had him try it on my computer and it would not allow him to do it, so I just told him to go clear his cache, thinking it was just strange voodoo that would go away.<br />
<br />
He came back to me again and said if he logged in user domain\user then it would only work with his new password, but if used user@domain as the username, then he could log in with both passwords.<br />
<br />
I had him show me on my machine and sure &nbsp;enough, it was true. &nbsp;I assume he was using his old and new password and have no reason to not believe him.<br />
<br />
The only thing I could think was that he was authenticating using 2 different DCs that hadn't synchronized, but we only have one mail server and I can't see the browser going out through a remote site VPN to authenticate and then come back here to access the exchange server.<br />
<br />
Any thoughts on this?
</div>
</div>


A user just came to me to say he changed his password and then noticed that he can log into OWA using both the old and new password.

I had him try it on my computer and it would not allow him to do it, so I just told him to go clear his cache, thinking it was just strange voodoo that would go away.

He came back to me again and said if he logged in user domain\user then it would only work with his new password, but if used user@domain as the username, then he could log in with both passwords.

I had him show me on my machine and sure  enough, it was true.  I assume he was using his old and new password and have no reason to not believe him.

The only thing I could think was that he was authenticating using 2 different DCs that hadn't synchronized, but we only have one mail server and I can't see the browser going out through a remote site VPN to authenticate and then come back here to access the exchange server.

Any thoughts on this?

User can log into OWA using old password if username entered as user@domain

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.