We are using Exchange OWA 2010 SP3. When a user with an expired password tries to log in, they are told that the username or password is invalid:
According to this TechNet blog, setting a registry key and restarting IIS should fix it:
- On the Client Access Server (CAS), click Start > Run and type regedit.exe and click OK.
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
- Right click the MSExchange OWA key and click New > DWord (32-bit).
- The DWORD value name is ChangeExpiredPasswordEnabled and set the value to 1. Note: The values accepted are 1 (or any non-zero value) for "Enabled" or 0 or blank / not present for "Disabled"
- After you configure this DWORD value, you must reset IIS. The recommended method to reset IIS is to use IISReset /noforce from a command prompt.
This is how it is currently set in my server:
There are no spaces after ChangeExpiredPasswordEnabled, it is set to 1 etc.
After that I ran IISreset /noforce from an elevated command prompt. I even rebooted the server. But when a user with an expired password tries to log in, he is still greeted with the 'username or password is wrong' error message.
I also looked in group policy to verify the minimum password age is set to zero.
We have a Windows 2012 domain controller.
BTW: it has worked before, but only for a couple of days earlier this year.
Windows event log on the Exchange server registers the following failure:
Failure Information:
Failure Reason: The specified account's password has expired.
Status: 0xC0000224
Sub Status: 0x0
In my case, the exppw module (exppw.dll) was not included in the OWA modules in IIS. I had been working on this issue with no joy until today. It just so happened that I was checking logon.aspx in OWA and saw exppw.dll. So I checked IIS to see whether this DLL is registered. It is registered, but the OWA virtual directory does not include this module. After adding the module and then recycling MSExchangeOWAAppPool, the OWA change password screen appears when I log in using an account that needs its password to be changed on next logon.
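A read-only check covering both the registry value from the question and the module condition from the answer above, as an added example that is not part of the original posts. It assumes OWA is published under "Default Web Site/owa" and is written to run in an elevated PowerShell 2.0 or later session on the CAS.

```powershell
# Added diagnostic example (not from the original thread). Makes no changes.
Import-Module WebAdministration

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$regName = 'ChangeExpiredPasswordEnabled'
$owaPath = 'IIS:\Sites\Default Web Site\owa'   # assumption: default site name

# 1. Registry: the value must exist under exactly this name, as a non-zero DWORD.
$key   = Get-Item -Path $regPath
$names = @($key.GetValueNames())
$exact = $names -contains $regName
# Value names that differ only by case or stray whitespace are silently ignored.
$lookalikes = @($names | Where-Object { $_ -cne $regName -and $_.Trim() -ieq $regName })
$kind = $null; $data = $null
if ($exact) {
    $kind = $key.GetValueKind($regName)
    $data = $key.GetValue($regName)
}
$regOk = $exact -and ($kind -eq 'DWord') -and ($data -ne 0)

# 2. IIS: find the native module by its DLL name, then check that the
#    OWA virtual directory actually has it in its module list.
$global = Get-WebGlobalModule |
    Where-Object { $_.Image -like '*exppw.dll' } |
    Select-Object -First 1
$enabledOnOwa = $false
if ($global) {
    $hit = Get-WebConfiguration -Filter 'system.webServer/modules/add' -PSPath $owaPath |
        Where-Object { $_.name -ieq $global.Name }
    $enabledOnOwa = [bool]$hit
}

# 3. Summary object (New-Object keeps this compatible with PowerShell 2.0).
New-Object PSObject -Property @{
    RegistryValuePresent = $exact
    RegistryValueKind    = $kind
    RegistryValueData    = $data
    RegistryLookalikes   = ($lookalikes -join ', ')
    RegistryOk           = $regOk
    ModuleRegistered     = [bool]$global
    ModuleEnabledOnOwa   = $enabledOnOwa
} | Format-List
```

If RegistryOk is true but ModuleEnabledOnOwa is false, the server is in the state described in the answer above: the DLL is registered globally but is not in the OWA virtual directory's module list.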
I did not change anything. But I tried again today. And now it works. After entering the old password I am redirected to /owa/auth/expiredpassword.aspx?url=/owa/auth.owa.
When I change the password and in AD set the 'user must change password on next logon' it still works.
No idea why it didn't work in the first place and no idea why it is working now...