Problem
The ability to create a new password from the Outlook Web App (Outlook Web Access) logon prompt was first introduced in Exchange 2007 SP3.
It allowed users who were either due for a new password or had ‘User must change password at next logon’ enabled to change their password as they log on.
Unfortunately this wasn’t carried over to Exchange 2010 as a default feature. Instead, it needs to be enabled through a registry modification.
Without this feature enabled, the user will receive a message saying “The user name or password you entered isn’t correct. Try entering it again.” if a password change is required.
Solution
Please note: This only applies to Exchange 2010 SP1 and above.
To enable this feature you will need to modify the registry on the Exchange server which runs the CAS role and reset IIS.
You need to make the registry modification on all CAS servers, if you have more than one in your environment.
- Log on to the Exchange server with the CAS role
- Open regedit and navigate to:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange OWA
- Create a new DWORD with the name of ChangeExpiredPasswordEnabled and value of 1
- Reset IIS by opening the command prompt (As Administrator) and running:
  iisreset /noforce
- Users will now be prompted to change their password from the OWA logon prompt
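
The same steps can be scripted so that every CAS server ends up with the same setting and the current state can be reported before anything is changed. This is an added example, not part of the original article; it assumes PowerShell remoting is enabled on the servers, and the server names CAS01 and CAS02 and the -Enable switch are placeholders introduced for illustration.

```powershell
# Added example: audit and enable ChangeExpiredPasswordEnabled on each CAS server.
# Assumptions: PowerShell remoting is enabled on the servers, and the
# server names below are placeholders for your own CAS servers.
param(
    [string[]]$CasServers = @('CAS01', 'CAS02'),   # hypothetical names
    [switch]$Enable                                 # without this, report only
)

$results = Invoke-Command -ComputerName $CasServers -ArgumentList $Enable.IsPresent -ScriptBlock {
    param([bool]$Enable)

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchange OWA'
    $name = 'ChangeExpiredPasswordEnabled'

    if (-not (Test-Path -Path $key)) {
        # Key is absent: this is probably not a CAS server, so change nothing.
        return New-Object PSObject -Property @{ Before = 'KeyMissing'; After = 'KeyMissing'; IisReset = $false }
    }

    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $before  = if ($null -eq $current) { 'NotSet' } else { $current }
    $after   = $before
    $reset   = $false

    if ($Enable -and $current -ne 1) {
        # New-ItemProperty -Force creates the DWORD or overwrites an existing value.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        $after = (Get-ItemProperty -Path $key -Name $name).$name

        # Same command as the manual step; only run when the value changed.
        iisreset /noforce | Out-Null
        $reset = ($LASTEXITCODE -eq 0)
    }

    New-Object PSObject -Property @{ Before = $before; After = $after; IisReset = $reset }
}

$results | Select-Object PSComputerName, Before, After, IisReset | Format-Table -AutoSize
```

Run it without -Enable first to see which servers still lack the value; a server that reports NotSet while others report 1 will keep returning the “user name or password you entered isn’t correct” message for expired passwords.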