We finally went live with two FE (front-end) servers load balanced behind the content switch. All BE (back-end) servers use these two OWA FE servers from outside. OWA traffic is directed to a URL, something like Https://smtp25.org/webmail ; this CNAME maps to the virtual IP address of the ISA server. The ISA (proxy) server accepts all the traffic and passes it to the inside network. We configured ISA with two interfaces: one public, the other internal. When ISA accepts traffic on port 80, it redirects it to SSL (443) and passes it to the inside network VIP (the virtual IP of the content switch). The content switch is configured to distribute the traffic in round-robin fashion: one session for server A, the second session for server B, the third for server A, the fourth for server B, and so on. This is where you get the "load balance" type of configuration.
Anyway, after completing this entire exciting task, we realized we forgot to enable the "Password Change" feature. Now I am writing up all the notes I put together to achieve the mission, with a few findings. Creating a virtual directory called "Iisadmpwd" is the first step, as shown below. Of course, all these little things are not required in Exchange 2007, because it is all built in, so upgrade to Exchange 2007 whenever possible (-:
- Open IIS: click Start, Run, type InetMGR, and hit Enter.
- In IIS Manager expand SERVERNAME, expand again Web Sites, and then expand Default Web Site.
- Right-click Default Web site and choose New, then select Virtual Directory.
- In the Welcome screen click Next.
- In the Virtual Directory window type Iisadmpwd. Click Next.
- In the Website Content Directory screen navigate to %Systemroot%\System32\Inetsrv\Iisadmpwd. Click Next.
- In the Virtual Directory Access Permissions grant Read, Run Scripts and Execute permissions. Click Next, then Finish.
- On the "Iisadmpwd" directory, right-click, go to Properties and make sure:
Execute permissions is set to "Scripts and executables"
Application pool is "ExchangeApplicationPool"
One more thing to do: click Directory Security; under Authentication and access control, click Edit and make sure only "Basic authentication (password is sent in clear text)" is selected.
Now you need to enable a registry key. All you need to do is copy and paste the code below into Notepad and save it as "DisablePassword_to_0.reg"; after this, double-click the reg file to make the changes in the registry.
Windows Registry Editor Version 5.00
Here is the trick: after you have done all the hard work, you have to reset IIS and make sure the information store service is restarted on the BE (back-end) server to get this working; otherwise you won't see the change password option when you log into OWA.
There is one property in the metabase: PasswordChangeFlags. The default value in Windows 2003 (IIS 6.0) is 6. With the value set to 6 you cannot change the password in OWA when the user password expires or "Change password at next logon" is selected.
You can run the below command on the server to check the value
If it is still not working and you are not getting the "User must change password" / password expired prompt, you have to run the scripts below on the FE servers to get it going. Click Run, cmd, and go to the "C:\Inetpub\AdminScripts" directory. Use the get script first; if you get "6", it means the prompt for an expired password is not allowed, so use the second script to set it to "0". After IISRESET, OWA will happily prompt you with the "your password expired and must be changed" window.
C:\InetPub\AdminScripts> cscript adsutil.vbs get w3svc\PasswordChangeFlags
Set the value with the following command on the server:
C:\InetPub\AdminScripts> cscript adsutil.vbs set w3svc\PasswordChangeFlags 0
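The get/set pair above, as an added example that is not part of the original post or of Microsoft's admin scripts: this VBScript reads the same property through the IIS ADSI provider, decodes its three documented bits, and writes 0 only when run with /fix. The file name check_pwdflags.vbs and the /fix switch are assumptions made for this example.

```vbscript
' check_pwdflags.vbs (hypothetical name) - added example, not from the original post.
' Run as an administrator on each FE server:
'   cscript //nologo check_pwdflags.vbs        (report only)
'   cscript //nologo check_pwdflags.vbs /fix   (set the value to 0)
Option Explicit

' Bit values of the IIS 6.0 PasswordChangeFlags metabase property
Const AUTH_CHANGE_UNSECURE    = 1  ' allow password change over a non-SSL port
Const AUTH_CHANGE_DISABLE     = 2  ' password change disabled
Const AUTH_ADV_NOTIFY_DISABLE = 4  ' no advance notice of password expiry

Dim svc, flags, fix
fix = WScript.Arguments.Named.Exists("fix")

' Same metabase node that adsutil.vbs addresses as w3svc
Set svc = GetObject("IIS://localhost/W3SVC")
flags = CLng(svc.Get("PasswordChangeFlags"))
WScript.Echo "PasswordChangeFlags = " & flags

If (flags And AUTH_CHANGE_DISABLE) <> 0 Then
    WScript.Echo "  bit 2 set: password change is disabled"
End If
If (flags And AUTH_ADV_NOTIFY_DISABLE) <> 0 Then
    WScript.Echo "  bit 4 set: advance expiry notification is disabled"
End If
If (flags And AUTH_CHANGE_UNSECURE) <> 0 Then
    ' Iisadmpwd uses Basic authentication, so this bit would let old and
    ' new passwords travel in clear text; it should stay cleared.
    WScript.Echo "  bit 1 set: password change allowed WITHOUT SSL"
End If

If flags = 0 Then
    WScript.Echo "OK: password change enabled, SSL required."
    WScript.Quit 0
End If

If fix Then
    svc.Put "PasswordChangeFlags", 0   ' 0 = enabled, SSL required
    svc.SetInfo                        ' commit to the metabase
    WScript.Echo "Value set to 0. Run IISRESET for it to take effect."
    WScript.Quit 0
End If

WScript.Echo "Not changed. Re-run with /fix to set the value to 0."
WScript.Quit 1
```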
If there are more problems after this, check out KB894825:
You receive an "Object Required" error message IIS 6.0
To register the file in IIS 6.0, type the following command at a command prompt:
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+