OWA 2007 password change option (IIS7)
Testing two different installations of Exchange 2007 and have read that password change on OWA 2007 works "as is" i noticed this: When the Active directory is set up on a different server/device and the Exchange on a member server 2008 (standard) users cannot change their passwords from OWA getting the message that domain user name cannot be found... everything other works fine... If i setup Exchange on an Active Directory Win Server 2008 this function works just fine... but this setup is not recommended at all even by Microsoft... Any ideas on why this happening? I have tested the same even with both firewalls totally disabled...(Allow all) Thanks in advance
June 18th, 2009 2:50pm

Hi, Thanks for your feedback. Base on my local test lab, we cannot reproduce the issue. Please try to post the detail environment here. 1. How many DCs? 2. What is the OS of these DC? 3. How many Exchange Servers? 4. Do these Exchange roles installed on the same machine? 5. What is OS of the client pc that you use to access OWA? 6. What is the version of the Internet Explorer? 7. When you create the account, which option you select on password changing page, change password at next login? Never change? 8. please try to run DCdiag from the client computer to see if we can connect DC normally. 9. Please try to create a new account and then test the issue again. Besides, when you want to change the password, please try to use Domain\Username or username@domain.com to see if the issue will occur. Regards, Xiu
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2009 8:47am

Thank you for the reply.. In my testing environment i have one DC (which is and GC) and another machine (member server)which runs Exchange.. (i am planning to have two DC's for backup). - Both machines run Windows Server 2008 standard. Exchange setup is the typical without edge transport server... one machine run all exchange services. - Client PC which trying to access OWA can be from inside the domain or not.. (i.e. my home)... Every function works fine except the page of password change which shows me about the domain user name. They run Windows XP SP3 - Internet Explorer 8 or Mozilla Firefox (on mozilla i get a detailed error report) - When creating the account all check boxes are left empty... (default options) - Running DCdiag from an 'outside' client you mean? Because i am mostly interested for clients out of the domain... Clients that are already in the domain can change passwords from windows so this would not be a problem with OWA... This was the first scenario... The second scenario is that: Two machines, both running Windows server 2008 standard with AD installed on both (DC & GC). Exhcange installed on one of them (typical setup), and after this EVERYTHING seems to work fine... even from inside or outside the domain... (internet access OWA).. but... this is not ok for security reasons... Tried every different way of logging in (in the first scenario) UPN, or domain\username, or username@domain.com ... nothing made a difference! THANKS IN ADVANCE!
June 23rd, 2009 1:03pm

Hi,What is the detail error information?please try to capture a screenshot and post here.Besides,inside the network,can you change OWA password via OWA UI?Do you have policy created on password changing?Regards,Xiu
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2009 8:58am

Hi again, I'am trying to reproduce this detailed report from mozilla because i am testing all the time and now i am having the working environment up..(DC installed on Exchange server too) Meanwhile.. From inside the network, from domain members or not, i get exactly the same message from OWA UI As for the password changing policy i haven't touch anything yet... just the option for the complexity so i don't have to use special symbols or other characters. All other password options are from the default domain policy. As soon as i reproduce the error report i'll post it here.. Regards, George
June 24th, 2009 10:00am

Strange.... trying to reproduce the same problem, after completely removing the AD roles from exchange test setup, password change option still working fine!!! This only happened probably on clean setup when i setup exchange on a clean Windows 2008 Standard server (domain member)... Does this say anything to you? Preparation of the domain took place according to the installation wizard.... Cheers
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2009 10:57am

OK, from my logs i found the error report from firefox when it cannot access the password change page: RequestUrl: https://mail.maris.gr:443/owa/forms/basic/BasicOptions.aspx?ae=Options&t=ChangePasswordUser host address: 192.168.5.196User: George SfakianakisEX Address: /o=Maris/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=mh999SMTP Address: George.Sfakianakis@maris.grOWA version: 8.1.240.5Mailbox server: MAIL.marisher.localExceptionException type: Microsoft.Exchange.Clients.Owa.Core.OwaIdentityExceptionException message: Failed to retrieve user nameCall stack Microsoft.Exchange.Clients.Owa.Core.OwaWindowsIdentity.GetLogonName() Microsoft.Exchange.Clients.Owa.Basic.Controls.ChangePassword.RenderChangePassword() ASP.forms_basic_basicoptions_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) System.Web.UI.Page.Render(HtmlTextWriter writer) System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) Inner ExceptionException type: System.Security.Principal.IdentityNotMappedExceptionException message: Some or all identity references could not be translated.Call stack System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess) System.Security.Principal.SecurityIdentifier.Translate(Type targetType) System.Security.Principal.WindowsIdentity.GetName() System.Security.Principal.WindowsIdentity.get_Name() Microsoft.Exchange.Clients.Owa.Core.OwaWindowsIdentity.GetLogonName()Does this make any sense?
June 24th, 2009 12:49pm

????
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2009 11:39am

Sorry for my late response.Remove AD roles? How did you do that?Let's try to focus on issue that we cannot change passwordfor OWA. (Exchange setup seperate from Domain Controller).Please try to logon the computer with the problematic account and then try to change the password.To change a user's passwordhttp://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_change_password.mspx?mfr=trueChange your Windows passwordhttp://windowshelp.microsoft.com/Windows/en-US/help/5c07e067-286d-4b8d-b342-431306e696aa1033.mspxBesides, please check if all server have been installed from the same OS images. We suspect thatthe machine security identifier (SID) is the same on DCs and the exchange servers. We can check event log(Exchange Server or Domain Controller) to see if event 5516 has been logged there.Regards,Xiu
June 30th, 2009 12:05pm

Thanks for your reply.Removed the AD roles from Add Roles wizard!... And the most strange thing this that after removing the roles it continued to work fine.Ok lets go to the seperate setup..There is no problematic account.. the same happens in all accounts (even administrator on which seems not to understand the domain... reads local machine/administrator)If the machine is member of domain, yes i can change the password from windows. BUT i cannot from OWAFinally i noticed that you talked about same images...is this a problem? Yes..i have same hardware (blade servers) and i have a very clean Windows 2008 STD installation without ANY roles installed on it.. I used this image, setup AD, setup a stand alone server, made this server member of the domain and installed Exchange on the member server... Unfortunately i have to re-setup the system because the testing environment now is working after removing the AD roles from Exchange machine, i have to set up them again to reproduce the problem...Regards,GeorgeP.S. If i finally find the problem is it possible to transfer the mailboxes/users to the new system? I have read that windows 2008 backup doesn't support exchange!
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2009 4:45pm

Hi,I found a similar casefrom our internal database. Thereall servers have been installed from the same OS images, System Preparation Tool 3.14 (Sysprep) has been run but still the machine security identifier (SID) is the same on DCs and the exchange servers,we need to fomart the OS and then re-isntall OS and Exchange Roles.For your issue,I recommend you to re-install OS and then check the issue again. With the clean environment,you can transfer the mailbox just for test purpose. I am not very sure if it is possible.Windows 2008 backup tool (Windows Server backup) cannot be used to backup Exchange.We have aware it and in the further it will be fixed,maybe in Exchange Server 2007 SP2. So far,we recommend to use Data Protection Manager to backup Exchange data.Regards,Xiu
July 3rd, 2009 5:37am

Thank you very much for this info. I have spent many hours for the reason and this should be... I will make a fresh install on both servers and test the installation again.. I will come back with the results.. THANK YOU
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2009 10:39am

Dear Xiu,thank you so much for your help!! My problem was due to image OS installation.. with clean install everything seems to work fine!!!Now i must find a solution to transfer the mailboxes and the AD users without transfering any "wrong" data.. Because i also realised that (probably due to sid or other issues) any user can send as any user without having the 'send as permission' activated at all!!!!!! I'll open a new thread due to different subject if you have to propose something...THANK YOU!
July 8th, 2009 3:19pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics