Previously, new users who are required to change their password at next logon or users whose password has expired cannot log on to OWA. They will get the less than helpful error from the OWA, "The user name or password that you entered is not valid. Try entering it again", as shown below:
Exchange 2007 SP3 introduces a new SSL web page for these users that allows the user to change their password outside of OWA. The page tells the user, "Your password has expired and you must change it prior to signing in to Microsoft Outlook Web Access."
This new functionality is not enabled by default, since some organizations do not allow password changes from outside the internal network. To enable it:
- Logon to the CAS with administrator rights
- Run Regedit and navigate to HLKM\SYSTEM\CurrentControlSet\services\MSExchange OWA
- Create a new DWORD (32-bit) Value called ChangeExpiredPasswordEnabled
- Assign the ChangeExpiredPasswordEnabled value: 1
- Restart IIS using IISRESET /NOFORCE from the command line