Re: IISADMPWD for Expired Passwords
- From: "jrhart25" <jrhart25@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 31 May 2005 15:51:33 -0700
I have similar problem as well. Trouble shooting it, it fails on this line.
GetObject("WinNT://" & domain & "/" & username & ",user")
With more troubleshooting, I did find that it does work if the account is
local on the web server, but not if it is on a windows 2003 domain. However,
if the account is not expired, it does work fine. It appears that if the
account is expired it can't read objects from the domain.
"sarnst@xxxxxxxxxxx" wrote:
> Sean,
>
> All of my Exchange servers have had SP1 for Exchange 2003 installed for
> months. I am refering to SP1 for Windows 2003. The IISADMPWD virtual
> directory is not a funciton of Exchange rather Exchange uses that function to
> permit password changes in OWA. You can implement IISADMPWD without running
> Exchange.
>
> My problem with installing KB833734 is that during testing it would allow a
> user who's password had expired to still log on to OWA. So I have no desire
> to put that fix in production. In addition the IISADMPWD files that are
> updated in Win2K3 SP1 are the DLL and the ASP pages related to active
> directory password changes, so I believe MS rolled up that hotfix into SP1.
> They are also the same files referenced in 883734.
>
> As for other updates, all of my servers are up to date on all critical
> patches such as the SMTP patch.
>
> At this point the issue appears to be either a back-end not being the same
> (not having Win2K3 SP1 installed) as the front-end or it is a security issue
> based on the error message I am receiving now that I have installed SP1 on
> the front-end servers (Error: Object required).
>
> I just need to know what object it is trying to access and or the security
> permissions necessary to allow it to be executed. THe log files for IIS or
> the system logs are of no help so far.
>
> Scott
>
> "Sean M. Loftus" wrote:
>
> > What you have here is really an Exchange and IIS bug, you need to apply
> > KB833734 to "both" the front end and the back end servers. Exchange
> > leverages IIS heavily and Exchange doesn't like having different versions of
> > ..dll's on the FE and the BE servers.
> >
> > This patch replaces some .dll files and some asp pages, specifically the
> > logon.asp and logoff.asp pages in the "exchsrvr\exchweb\bin" directory
> > structure. If you have customized your OWA logon pages, back them up before
> > you apply the patch, it replaces them. MS is always updating the code on
> > these asp pages with every patch so you generally have to rewrite some of
> > your code after every patch if you customize them.
> >
> > SP1 for W2K3 won't fix any Exchange related bugs...
> >
> > IISADMPWD password change fix - I had to use this myself
> > http://support.microsoft.com/kb/833734
> >
> > This is a Windows 2003 hotfix, but it must be applied before Exchange SP1
> > can be applied.
> > WindowsServer2003-KB831464-x86-ENU.exe
> > FIX: IIS 6.0 compression corruption causes access violations
> > http://support.microsoft.com/?id=831464
> > This hotfix must be applied before Exchange SP1 can be applied.
> >
> > Also, SP1 must be applied to front end servers first then back end servers.
> >
> > There is a Forward rules bug patch for OWA as well - Exchange2003-KB875269
> >
> > There is also a Windows SMTP vulnerability you should patch -
> > WindowsServer2003-KB885881
> >
> > --
> > Sean M. Loftus
> > Enterprise Architect
> > Loftus Consulting, Inc.
> > www.LoftusConsulting.com
> > sean(removeme)@loftus.org
> >
> >
> > "sarnst@xxxxxxxxxxx" <sarnstumflintedu@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> > message news:45DFDFEC-82D9-4072-ACFC-0C7653DCAFC3@xxxxxxxxxxxxxxxx
> > >I am running Windows 2003 AD and Exchange 2003 SP1
> > >
> > > I am trying to setup a web location that users can go to to change their
> > > password after it has expired. I have remote users who do not ever logon
> > > to a
> > > machine joined to my domain and only use OWA 2003. I know that they get a
> > > 14
> > > day warning in OWA but my problem is if they ignore it or are on vacation,
> > > etc...
> > >
> > > I have IISADMPWD setup and it works fine until the users password has
> > > actually expired. Once the password has expired and it forces a change,
> > > then
> > > user gets an error when they try and change it through OWA (Error number:
> > > -2147023570).
> > >
> >
> >
> >
.
- Prev by Date: Re: Cannot Contact the DNS Server
- Next by Date: new access right
- Previous by thread: Re: Cannot Contact the DNS Server
- Next by thread: new access right
- Index(es):
Relevant Pages
|
Loading
