The festive holidays has just ended and things are starting to pick up after it. I’d went through a combination of tsunami and hurricans when a customer contacted me that all of their remote users weren’t able to access the Outlook Web Access due to expired passwords.

Since these users are accessing the messaging services from the Internet without any VPN service back to the data center, we’d to enable the password reset function within Exchange 2010 SP1 and TMG 2010:

  1. Login to the Client Access Server (CAS)
  2. Open up the registry editor (regedit.exe)
  3. Navigate to HKLM\System\CurrentControlSet\Services\MSExchangeOWA
  4. Create a REG_DWORD registry: ChangeExpiredPasswordEnable = 1
  5. Go to Run > type in IISreset and wait for the services to be restarted

Since the environment has 2 CAS unit and configured with Windows NLB, I’d to make sure the first unit works after the IISReset command and repeated step 1 – 5 at the second unit.

Moving on, we would need to login to the Reverse Proxy, running on TMG 2010 SP2. To do so, the publishing rule must have the following configured:

  • Form Based Authentication


  • Under the Web Listener > Forms > Password Management > Check the Allow users to change their password
  • Click OK to confirm the changes and click Apply once more to commit the changes at the TMG Management Console

Right now, users with expired password attempts to login through  the Outlook Web App, they would be redirected to a different page which allows them to change their password

Now, Administrators doesn’t need to manually resets the users password manually and let the technology do its wonders!