Here’s a comparison between the Outlook Web Access 2007 Light and Premium clients:
Exchange Server 2007 Service Pack 3 includes a handy new web page that allows users to change their password before logging into Outlook Web Access (OWA).
Previously, new users who were required to change their password at next logon, or users whose password had expired, could not log on to OWA. They would get this less-than-helpful error from OWA: “The user name or password that you entered is not valid. Try entering it again”.
To log on to OWA, the user first had to log on to the network and enter their old password and the new password. Obviously, this causes problems for remote users whose password has expired or for new users who must change their password before logging in for the first time.
Exchange 2007 SP3 introduces a new SSL web page for these users that allows the user to change their password outside of OWA. The page tells the user, “Your password has expired and you must change it prior to signing in to Microsoft Outlook Web Access.”
Once the user changes their password, the page redirects the user back to OWA.
This new functionality is not enabled by default, since some organizations do not allow password changes from outside the internal network. To enable it:
- Log on to the CAS with administrator rights
- Run Regedit and navigate to HKLM\SYSTEM\CurrentControlSet\services\MSExchange OWA
- Create a new DWORD (32-bit) Value called ChangeExpiredPasswordEnabled
- Assign the ChangeExpiredPasswordEnabled value: 1
- Restart IIS using IISRESET /NOFORCE from the command line
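The steps above as a script, added here as an example (it is not code from the original post or from Microsoft). Run without arguments it only reports the current setting, which is useful for auditing CAS servers where external password changes are not allowed; with -Enable it sets the value and restarts IIS. The script name Set-OwaExpiredPasswordPage.ps1 and the -Enable switch are hypothetical.

```powershell
# Set-OwaExpiredPasswordPage.ps1 (hypothetical name; added example, not from the original post)
# Run in an elevated PowerShell session on the Client Access Server.
param([switch]$Enable)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchange OWA'
$valueName = 'ChangeExpiredPasswordEnabled'

if (-not (Test-Path $keyPath)) {
    throw "Registry key '$keyPath' not found. Is the Client Access role installed on this server?"
}

# Read the current setting. The value does not exist until an administrator creates it.
$item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($item) { $current = $item.$valueName } else { $current = $null }

if ($null -eq $current) {
    Write-Output "${valueName} is not set (expired-password page disabled)."
} else {
    Write-Output "${valueName} = $current"
}

# Audit mode: report only, change nothing.
if (-not $Enable) { return }

if ($current -eq 1) {
    Write-Output 'Already enabled; registry and IIS left untouched.'
    return
}

# -Force replaces an existing value, so a value created with the wrong type
# (for example a string) is rewritten as a 32-bit DWORD.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# Confirm the write before restarting IIS.
$check = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($check -ne 1) {
    throw "Failed to set $valueName (read back '$check')."
}
Write-Output "${valueName} set to 1; restarting IIS."

# Same restart as the manual step: /noforce does not kill services that fail to stop.
& iisreset.exe /noforce
if ($LASTEXITCODE -ne 0) {
    throw "iisreset exited with code $LASTEXITCODE; IIS may need a manual restart."
}
```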
Surprisingly, this functionality does not exist in Exchange Server 2010 (or the SP1 beta). I hope Microsoft decides to implement this when Exchange 2010 SP1 is finally released. It’s a pretty handy feature!
Note: Click here to view how to add the Sign In Again button to Exchange Server 2010.
By default, when you click “Log Off” in OWA 2007, Exchange 2007 directs you to a page that explains that you have successfully logged off from Outlook Web Access. The only button available, “Close Window”, closes the existing browser window or tab. This article explains how to add a “Log On Again” button to the logoff.aspx page.
To add the Log On Again button, follow these steps on each Exchange 2007 Client Access Server (CAS):
- Log on to the CAS using a local Administrator account.
- Using Windows Explorer, navigate to the %ProgramFiles%\Microsoft\Exchange Server\ClientAccess\Owa\auth folder and make a copy of the logoff.aspx file for backup.
- Edit the logoff.aspx file using Notepad.
- Use Find to search for the word logoffclose. In Exchange 2007 SP2 this will be line 115.
- Insert the following code before this line, as a single line:
<input id="btnCls" type="submit" class="btn" title="Click here to log on again" value="Log On Again" onclick="window.location.href='https://mail.contoso.com/owa'; return false;" onmouseover="this.className='btnOnMseOvr'" onmouseout="this.className='btn'" onmousedown="this.className='btnOnMseDwn'">
- Edit the line above to use your company’s URL for OWA.
- Save the logoff.aspx file.
- Copy the new logoff.aspx file to the same file path on all your CAS servers.
Remember that applying any Exchange 2007 Service Pack or Update Rollup to your CAS servers will overwrite the changes you made, so keep a copy of the edited logoff.aspx file to reapply the Log On Again button after the update. Also note that Service Packs and Update Rollups may include changes to the logoff.aspx page, so you may need to follow these steps again to edit the new page included in the update.
The Change Password feature in OWA will break when you reconfigure the environment to use Exchange 2007 or Exchange 2010 CAS servers as front-end servers for Exchange 2003 mailbox servers. This is because the CAS servers don’t have the necessary ASP pages installed that OWA 2003 links to.
telnetPORT25 wrote a great article explaining the step-by-step process, along with screenshots, to fix this problem. I’m listing the high-level steps here (mainly to act as my long-term memory).
- Log on to the Exchange 2007/2010 CAS server
- Copy the %SystemRoot%\System32\inetsrv\iisadmpwd folder and files from the OWA 2003 FE server to the CAS server’s %SystemRoot%\System32\inetsrv folder
- Open IIS Manager and add a new Virtual Directory off the Default Web Site named IISADMPWD with a physical path of %SystemRoot%\System32\inetsrv\iisadmpwd
- Right-click the new IISADMPWD virtual directory and select Convert to Application
- Select the MSExchangeOWAAppPool
- Restart IIS (iisreset /noforce or select the server in IIS Manager and click Restart)